deckset

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly runs scripts/refresh_sources.py to refresh upstream Deckset documentation and configured gist examples (populating references/* and refresh-metadata.json from docs_url and gist_source) on every invocation and then requires those refreshed files for drafting and provenance, so untrusted public web content (docs/gists) is ingested and can influence the agent's deck-generation behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs scripts/refresh_sources.py on every invocation and the generated metadata references docs_url=https://docs.deckset.com/markdownDocumentation.html, indicating that content at that URL is fetched at runtime and used to control the skill's drafting instructions and behavior.