docs-to-skill

Warn

Audited by Snyk on Mar 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow instructs the agent to fetch and parse arbitrary documentation pages provided by the user using Jina Reader (prefixing URLs with r.jina.ai/), so it will read and act on untrusted third-party web content as part of generating skills.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches user-supplied documentation at runtime via r.jina.ai/https://... (e.g., r.jina.ai/https://getbootstrap.com/docs/5.3/getting-started/introduction/) and injects that fetched markdown into the agent's generation process to produce SKILL.md, meaning the external URL directly controls prompts/content.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 06:31 AM
Issues: 2