write-coding-standards-from-file

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires fetching and using content from public URLs under "## if ${fetchStyleURL} == true" and the "### Fetch Links" list (e.g., https://w3schools.com, GitHub links, docs.microsoft.com), so the agent will ingest untrusted third‑party webpages and use them to influence the generated coding standards.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill sets fetchStyleURL=true by default and explicitly runs runtime #fetch on the listed "Fetch Links" (e.g., https://peps.python.org/pep-0008/), and that fetched content is incorporated into the agent's prompt/context to guide the generated coding standards, so these external resources directly control the agent's prompts.