docs-to-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly uses WebFetch to crawl and ingest arbitrary public documentation URLs (llms.txt, sitemap.xml, and recursive page fetches of user-provided docs via the /docs-to-skill command), so the agent will read and interpret untrusted third‑party web content as part of its workflow, exposing it to indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to WebFetch and "Extract ALL documentation URLs listed in this file" from index endpoints such as https://docs.example.com/llms.txt (and fallbacks like /sitemap.xml), so fetched content directly controls the agent's crawling/prompts and is a required runtime dependency.