fetch-library-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests documentation from an external MCP-backed index of public library docs (see SKILL.md "Fetches official documentation..." and scripts/fetch-raw.sh / scripts/fetch-docs.py which call the MCP tools "query-docs" / "resolve-library-id" to retrieve third-party site content such as /reactjs/react.dev), and that retrieved untrusted, user-facing documentation is parsed and used to drive coding, debugging, and decision-making—so it exposes the agent to arbitrary third-party content that could contain indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly runs the external command "npx -y @upstash/context7-mcp" at runtime (and passes it as the stdio MCP server), which fetches and executes remote npm package code and returns documentation content that is injected into the agent's context and therefore can directly control prompts/behavior.