skill-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly requires scraping and ingesting content from public third-party sources (e.g., scrape_docs, scrape_github, scrape_pdf, scrape_video, scrape_generic in the "Scraping" section and the recommended workflow step 4 "Scrape the source"), so the agent will read and act on untrusted web/GitHub/YouTube/forum content that can influence subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches user-supplied sources at runtime (e.g., https://... and github.com/... or owner/repo patterns) via tools like scrape_docs/scrape_github and injects that fetched content into the model/context to generate skill prompts, so external URLs such as github.com/... are used to directly control agent instructions.