deep-knowledge-skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs adding and crawling git submodules from arbitrary documentation repository URLs (Phase 0: "git submodule add " and the prompt to "Ask user for the documentation repository URL") and then requires agent teams to read and iterate over that submodule's content in Phases 1–3, exposing the agent to untrusted public third‑party content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs adding and crawling a git submodule (e.g., https://github.com/MicrosoftDocs/dataexplorer-docs.git) which will be fetched at runtime and read into agent workflows, thereby directly influencing agent prompts/instructions from external content.