docs-seeker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core workflow (SKILL.md and WORKFLOWS.md) explicitly fetches and ingests open web content — e.g., WebFetch of llms.txt URLs, Repomix cloning/reading public GitHub repos, and Researcher/Explorer agents that read community sources like Stack Overflow and Reddit — meaning untrusted third‑party pages are read and used to drive analysis and agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches llms.txt at runtime (e.g., https://docs.astro.build/llms.txt) to determine which documentation URLs agents should read and also runs repository operations (e.g., git clone https://github.com/org/library-name and optional npm install -g repomix) which fetch and can execute remote code, so these external URLs/operations directly control agent behavior and can execute code.