skill-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly scrapes and ingests public third-party documentation (see agents/api-doc-scraper.md using WebFetch and Playwright, /scrape-api, and /deep-audit which uses Firecrawl to fetch docs from arbitrary docs URLs) and then reads/parses that content as part of generating and auditing skills, exposing the agent to untrusted web content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The api-doc-scraper and /scrape-api workflow explicitly fetch user-supplied documentation URLs at runtime (e.g., https://rocketdotnet.readme.io/) via WebFetch and Playwright and then inject the scraped content into agent prompts and generation steps, so the remote URL content directly controls agent instructions and is a required runtime dependency.