authoring-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's conversion workflow explicitly ingests arbitrary URLs and web pages (see references/CONVERTING.md and the INSTRUCTIONS.md Phase A URL conversion steps using curl/pandoc/wget and a WebFetch fallback), and those converted third‑party pages are read and used by Planner/Implementer/Claude in subsequent design and automation decisions, so untrusted web content can materially influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The CONVERTING workflow runs curl + pandoc at runtime to fetch arbitrary web pages (e.g., curl -o /tmp/page.html '' in references/CONVERTING.md), which imports remote content into the agent's processing pipeline and can directly control prompts/instructions — this is a high-risk runtime dependency.