create-blog-post

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required editorial guidelines (references/writing-guidelines.md and the SKILL.md "Step 7" / "Use the webpage title (curl fetch it!)" instruction) explicitly require fetching and using webpage titles from external sites and consulting external references, so the agent will retrieve and interpret arbitrary public web pages (untrusted third-party content) that can influence writing and follow-up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs a git clone at runtime (git clone --recurse-submodules https://github.com/jim60105/blog.git) and then directs the agent to read files from that repository (e.g., .github/instructions/quill-sage.instructions.md) which are required dependencies and directly control the agent's editorial instructions, so the external URL https://github.com/jim60105/blog.git is a runtime dependency that controls agent behavior.