testing-handbook-generator

Warn

Audited by Snyk on Feb 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs agents to clone/read the public Testing Handbook and to use WebFetch to retrieve and summarize external URLs listed in handbook resource files (see agent-prompt.md "Fetch external resources with these limits" and the templates/discovery.md references to 99-resources.md), so the agent ingests open/public third-party web content as part of its workflow, creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches the Testing Handbook repository at runtime (e.g., via "git clone --depth=1 https://github.com/trailofbits/testing-handbook.git") and uses fetched content with WebFetch to populate agent prompts and generate SKILL.md, so the external URL is a required runtime dependency that directly controls generated instructions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 05:44 PM