course-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 "URL Parsing Strategy" explicitly instructs the agent to use WebFetch and Chrome automation to navigate to and read user-provided/open web URLs (e.g., course platforms like Coursera/Udemy or arbitrary pages), so it ingests untrusted third-party content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches a user-provided external URL at runtime (Phase 1: "Parse URL" via WebFetch or mcp__claude-in-chrome__navigate) and then injects the parsed page content directly into subagent prompts (e.g., "Context: [paste parsed course outline]"), meaning an arbitrary external URL supplied at runtime can directly control agent instructions.