doc-skill-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL explicitly instructs crawling and ingesting public websites (user-specified --url) via scripts/crawl_website.py and then summarizes/uses those fetched Markdown pages with scripts/summarize_pages.py (see SKILL.md steps 1–4), so arbitrary third‑party page content can be read and directly influence template filling and agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The scripts (scripts/crawl_website.py and scripts/summarize_pages.py) explicitly fetch user-supplied websites at runtime (e.g., https://vuejs.org) and then feed the retrieved pages into the summarization/template-filling pipeline (LLM-assisted), meaning remote content is injected into the agent/LLM context and can directly control prompts/outputs.