validation-doctor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Diagnostics explicitly instructs the agent to call brave_web_search (Brave Search) and even allows a fetch fallback in runtime policy, so the skill fetches and interprets public web search results/pages (untrusted third‑party content) as part of its workflow which can influence validation decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes npx to fetch and run remote packages at runtime—specifically "npx chrome-devtools-mcp@latest" and "npx @brave/brave-search-mcp-server" (e.g. https://www.npmjs.com/package/chrome-devtools-mcp and https://www.npmjs.com/package/@brave/brave-search-mcp-server)—which downloads and executes remote code that the skill depends on, so it meets the criteria for a runtime code-executing external dependency.