docs-seeker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's fetch-docs.js automatically constructs and retrieves documentation from context7.com (and returns llms.txt for analyze-llms-txt.js) and the Quick Start explicitly says "Read URLs with WebFetch," so the agent ingests open/public third‑party content that could contain untrusted/user-generated text.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's fetch-docs.js explicitly constructs and fetches documentation URLs from context7.com at runtime and outputs llms.txt which is then injected/processed to drive agent prompts and distribution, so https://context7.com is a runtime dependency that directly controls agent instructions.