docs-seeker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes public documentation from third-party sites—e.g., context7.com llms.txt endpoints, arbitrary documentation websites found via WebSearch, and GitHub repositories cloned and read via Repomix—which the agent reads and aggregates, exposing it to untrusted, user-generated content and potential indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime WebFetch of llms.txt from context7.com (e.g., https://context7.com/{org}/{repo}/llms.txt) and then uses the fetched content to drive agent behavior and prompts, making that external URL a required runtime source that directly controls instructions.