skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to download and index upstream documentation via the "Auto-Updating Documentation Pattern" (e.g., /plugin-creator:add-doc-updater that collects a source URL) and to run dynamic context-injection commands (e.g., !gh pr view $0 --json ...) which cause the agent to ingest untrusted public third-party content (public docs, PRs) that can materially influence subsequent tool use and decisions.