doc-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and read external docs (check llms.txt, fetch .md variants, curl llms-full.txt, use WebFetch, and connect to MCP endpoints) from arbitrary documentation sites, so the agent will ingest untrusted third‑party web content that can influence its subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Flagged because the skill explicitly instructs fetching and injecting remote documentation into the agent's runtime context (e.g., curl "https://docs.example.com/llms-full.txt" and "https://docs.example.com/page.md") and even suggests running "npx skills add docs.example.com/skill.md", meaning external content can directly control prompts or execute remote code.