skill-generate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires scanning and incorporating content from GitHub issues and Discussions ("Step 2b — Scan GitHub issues and discussions"), which are public, user-generated sources that the agent will read and use to decide failure modes and update skill content, allowing untrusted third-party text to influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and incorporate repository files and GitHub issues at runtime (e.g., Owner/repo:docs/framework/react/guides/.md — e.g. TanStack/query:docs/framework/react/guides/.md and related GitHub issue pages), which will directly control the generated SKILL.md content and thus agent prompts.