docs-seeker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes open/public third‑party content — e.g., WebFetch of context7.com and other llms.txt pages, cloning and parsing GitHub repos via Repomix, and Researcher agents scraping community sources like Stack Overflow and Reddit — so the agent will read untrusted, user‑generated content and is exposed to indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly WebFetches llms.txt from https://context7.com/{org}/{repo}/llms.txt (and variants like https://context7.com/.../llms.txt?topic=...) at runtime and uses that fetched content to generate the URLs and instructions fed to Explorer/Researcher agents, so this external URL directly controls agent prompts and is a required dependency.