command-skill-creator

Warn

Audited by Snyk on Apr 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's design patterns (references/design-patterns.md, Pattern 3 "Parallel Research + Sequential Implementation") explicitly instruct spawning "deep-researcher" agents to gather package information, community recommendations, vulnerabilities, and alternatives from external/public sources, and then to use those findings to recommend and execute actions (e.g., add/install a dependency). The agent will therefore read untrusted third-party content that can influence its decisions and tool use.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (low risk: 0.30). The prompt is a meta-template for building side-effecting "command" skills (deploys, file mutations, cross-repo operations) which can change machine state, but it explicitly instructs safety controls (disable-model-invocation, approval gates, no hardcoded absolute paths) and does not request sudo, system-level edits, user creation, or bypassing security mechanisms itself.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 5, 2026, 09:28 AM
Issues: 2