typo3-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required extraction workflow (SKILL.md: "Run extraction first" -> scripts/extract-all.sh) and the extraction patterns (references/extraction-patterns.md "Repository Metadata Extraction" / gh api commands and README/CHANGELOG parsing) explicitly fetch and ingest public GitHub/docs.typo3.org content (untrusted, user-generated) which the agent is expected to read and use to drive documentation generation and configuration decisions, so third-party content could materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's "Local Rendering" workflow explicitly runs a remote Docker image (ghcr.io/typo3-documentation/render-guides:latest) at runtime to render and display HTML, so it fetches and executes remote code that the skill relies on (https://ghcr.io/typo3-documentation/render-guides:latest).