doc-skill-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and deeply crawls arbitrary public URLs and PDFs (see SKILL.md examples and lib/fetcher.js + lib/crawler.js which use Playwright and templates/extract-and-links.js), then requires the agent to read the extracted docs (see generated skillMdPrompt / templates/skill-md-prompt.tpl.txt and the generate → install-skill workflow) and uses that content to produce commands and SKILL.md that drive tool behavior, so untrusted third‑party content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The tool fetches user-supplied web pages at runtime (e.g., https://docs.example.com) via Playwright and saves their content into docs/, then emits a skillMdPrompt that tells the agent to read those fetched documents to create SKILL.md, so remote URL content directly controls the agent's prompts/instructions.