docs-seeker
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly performs WebSearch/WebFetch and launches Explorer/Researcher agents to retrieve and read third‑party documentation and sites (e.g., context7.com llms.txt URLs, arbitrary GitHub repositories via Repomix, and community sources like Stack Overflow and Reddit), so it ingests untrusted user-generated web content that could carry indirect prompt injections.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly WebFetches llms.txt from context7.com at runtime (e.g., https://context7.com/{org}/{repo}/llms.txt) and uses the fetched content to direct Explorer/Researcher agents and build prompts, so this external URL can directly control agent instructions.