skills-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's reference docs explicitly include a conditional workflow that says "Is input a URL?
• Yes: Use scripts/fetch_remote.py" (references/REFERENCE.md) and the spec examples mention requiring internet access, which shows the agent may fetch and ingest arbitrary user-provided/public URLs and read their contents as part of its workflow, exposing it to untrusted third‑party content that could inject instructions.