lenny-skillpack-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests public Refound/Lenny pages (see scripts/fetch_refound_skills.py which downloads SKILL.md or page.html from refoundai.com) and its workflow (references/WORKFLOW.md and SKILL.md) requires the agent to read and normalize that untrusted third-party content as input for creating skill packs, so external text could influence agent decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The script scripts/fetch_refound_skills.py performs runtime HTTP fetches of Refound skill files (e.g., https://refoundai.com/skills//SKILL.md and the fallback https://refoundai.com/lenny-skills/s//) which are saved and used as source SKILL.md content that can directly steer agent prompts/instructions, and the meta-skill expects those fetched sources as inputs.