aif-skill-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the skill's Learn Mode (documented in SKILL.md and references/LEARN-MODE.md) explicitly fetches and studies arbitrary user-supplied URLs using WebFetch/WebSearch (and scripts like scripts/search-skills.py perform public HTTP fetches), and the agent ingests and synthesizes that untrusted third-party content into generated skills and decisions, so page instructions can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Learn Mode explicitly fetches user-provided URLs at runtime via WebFetch and injects the fetched page content into the agent prompt/workflow (e.g., example URL: https://tailwindcss.com/docs), meaning external pages can directly control generated SKILL.md and agent instructions.