skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to "search the web or check the project's GitHub/registry page" to verify tools, versions, and CVEs (Mode 1 Step 2 / Mode 2 content checks), meaning the agent will fetch and act on untrusted public web content whose instructions could influence decisions and actions.