docs-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill falls back to running WebSearch and then WebFetch to retrieve llms.txt links and documentation pages from arbitrary public websites found via search, meaning the agent will ingest and interpret untrusted third-party content (public web pages) as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime WebFetch of discovered "llms.txt" URLs (e.g., https://.../llms.txt) and "fetch and parse" those files to include in its processing, which lets arbitrary remote content directly influence the agent's prompts/responses.