context-mode

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and index external web documentation and public pages (e.g., "ctx_fetch_and_index" for web docs, Playwright/browser_snapshot of pages, and examples using the GitHub API and raw.githubusercontent.com) so the agent will read and act on untrusted, user-provided third‑party content during its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs fetching and indexing external documentation at runtime using raw GitHub URLs (e.g. https://raw.githubusercontent.com/org/repo/main/CHANGELOG.md), which would pull remote content into the agent's context and can directly control prompts/behavior.