rfc-creator
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly requires mandatory online research using web_search and web_fetch to retrieve and examine public third-party content (e.g., GitHub URLs like "https://github.com/[project]/[path]/[file]" and other web resources) which the agent is expected to read and incorporate into the RFC, exposing it to untrusted user-generated/open-web content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime fetching of external source files (e.g., using web_fetch on "https://github.com/[project]/[path]/[file]" and similar GitHub URLs) to examine and inject code/snippets into the RFC research, so external content fetched at runtime can directly control the agent's prompts and output.