docs-seeker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly performs WebSearch/WebFetch and launches Explorer/Researcher agents to retrieve and read llms.txt files from context7.com and other public websites and GitHub repositories (via Repomix), thereby ingesting untrusted third-party content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime WebFetch of llms.txt from context7.com (e.g., https://context7.com/{org}/{repo}/llms.txt) and then uses the fetched content to drive agent behavior and prompts, making that external URL a required runtime source that directly controls instructions.