inject-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Next.js flow (SKILL.md Phase 1 Option A) runs "npx @next/codemod@canary agents-md" which explicitly downloads version-matching documentation from Vercel's servers and injects it into the project's CLAUDE.md, meaning the agent ingests public third‑party website content that can materially influence subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Next.js workflow invokes remote code at runtime via the npx command "npx @next/codemod@canary agents-md" which downloads/executes a codemod and "downloads version-matching documentation from Vercel's servers" to inject into the target file, so external content fetched at runtime directly controls the injected prompts/docs.