azure-typespec-author

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow requires downloading and reading external public documentation (the azure.github.io URLs listed in SKILL.md Step 2) via the agentic fetch procedure in references/agentic-search.md, and explicitly mandates grounding the implementation plan on that fetched content, which lets untrusted third-party page content influence decisions and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's Agentic Search procedure explicitly downloads and parses the specified Azure TypeSpec how‑to pages at runtime (e.g. https://azure.github.io/typespec-azure/docs/howtos/versioning/arm/02-preview-after-preview/, https://azure.github.io/typespec-azure/docs/howtos/versioning/arm/03-stable-after-preview/, https://azure.github.io/typespec-azure/docs/howtos/versioning/arm/04-preview-after-stable/, https://azure.github.io/typespec-azure/docs/howtos/versioning/arm/05-stable-after-stable/) and requires the plan to be "grounded in the downloaded reference material," meaning fetched external content is used at runtime to directly control the agent's prompts/instructions and is a required dependency.