The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.

Why it was flagged

Third-party content exposure detected (high risk: 0.85). The workflow uses `ask src zod` / `ask docs zod` to fetch and read Zod’s README and MDX docs from the lockfile-pinned package at runtime; this ingests third-party free text (outsider-authored documentation) into the agent’s LLM context.

Report incorrect finding

Audited: 1 day ago
Security analysis