full-project-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's interview and implementation workflow explicitly requires web browsing and external fetches (e.g., "Step 2.5 — Market Research Snapshot" and Round R10 / "Context7 MCP tool" / WebSearch + WebFetch fallbacks) and instructs the agent to read and use those fetched third‑party API docs and web references to make stack, integration, and implementation decisions, so untrusted public content can directly influence next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires fetching third-party API documentation at runtime via the Context7 MCP tool or WebFetch (i.e., arbitrary external URLs such as a provider's docs page like https://{third-party}/docs or raw API doc URLs), and those fetched docs are injected into prompts and used to drive agent instructions — creating a clear runtime dependency on external URLs that can control the agent's behavior.