creating-zed-extensions

Status: Warn

Audited by Snyk on Feb 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The example DocsExtension fetches and returns content from open/public sources: fetch_api_reference runs curl against https://api.github.com/repos/{library}/readme, and fetch_docs constructs docs.rs URLs, so the extension ingests arbitrary, user-generated README/docs content that could contain injected instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The DocsExtension.run_slash_command implementation runs a curl subprocess at runtime to fetch https://api.github.com/repos/{library}/readme and returns the raw response in the SlashCommandOutput, so remote content is fetched during execution and can directly influence prompts or downstream behavior.

Audit Metadata

Analyzed: Feb 17, 2026, 08:01 AM