skill-factory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly automates scraping and ingesting public third‑party documentation and repositories (e.g., react.dev, docs.rs, GitHub repos, and PDFs) via Skill_Seekers as described in SKILL.md and references/skill-seekers-integration.md, so untrusted web content is read and used to drive creation, testing, and tool actions, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly auto-installs and executes the Skill_Seekers repository at runtime (e.g., git clone https://github.com/yusufkaraaslan/Skill_Seekers and running its cli/doc_scraper.py) and also scrapes external docs like https://react.dev and https://docs.rs/anchor-lang during execution to generate skill content, so remote code and fetched documentation directly influence instructions and are runtime dependencies.