skill-to-card

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Step 2 explicitly instructs fetching metadata via curl from the public Sundial API (https://www.sundialhub.com/api/hub/skills/by-author-name/...) and extracting use_cases, and those use_cases are then mapped to --powers and injected into image-generation prompts in scripts/generate_single_card.py, so untrusted third‑party content directly influences tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The SKILL explicitly runs a runtime fetch via curl to https://www.sundialhub.com/api/hub/skills/by-author-name/AUTHOR/SKILL_NAME to retrieve server-generated "use_cases" which are then injected into the card-generation prompts (directly influencing model input), so this external URL controls prompts at runtime.