laravel-specialist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Documentation Verification Protocol explicitly instructs the agent to fetch and use content from public third-party sources (via mcp__context7__query-docs and fallback to https://github.com/laravel/docs), and those returned docs are treated as authoritative and override memorized knowledge, so untrusted external content can directly influence decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly calls for fetching fallback docs at runtime from https://github.com/laravel/docs (via the context7 fallback) and states "Returned docs override memorized knowledge," meaning externally fetched content can directly control agent behavior/prompts.