create-master

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly fetches and ingests third‑party content from the public FoJin platform (e.g., ${CLAUDE_SKILL_DIR}/tools/sutra_collector.py, tools/fojin_bridge.py and tools/rag_query.py; RAG instructions in prompts/rag_instructions.md and README references to fojin.app) as a required runtime step and uses those retrieved texts to drive generation and decisions, exposing the agent to untrusted external content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly calls the FoJin API at runtime (e.g., tools/fojin_bridge.py, rag_query.py, sutra_collector.py) to fetch content from https://fojin.app (see https://fojin.app/texts/8038 etc.), and those retrieved texts are embedded into the model's RAG/context and required for generation—so runtime-fetched external content directly controls prompts.