project-onboard

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Phase 1b explicitly instructs the agent to "pull up-to-date docs via Context7" and to "search for relevant skills" (e.g., via npx skills search and public repositories like vercel-labs/agent-skills), saving those external, public documents into .context/stack-docs/ that the agent is then told to read and act on (e.g., CLAUDE.md routes instruct the agent to read .context/stack-docs/ BEFORE using framework APIs), which clearly ingests and uses untrusted third‑party web/community content that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly pulls up-to-date library docs from the external "Context7" service at runtime and saves them into .context/stack-docs/, which are then read by the agent—meaning remote content from Context7 can be injected into the agent's context and directly influence prompts (Context7 is referenced but no explicit URL is provided in the skill files).