The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.

Why it was flagged

Third-party content exposure detected (high risk: 0.90). The skill's workflows (references/workflows/tile-from-source.md, tile-from-docs.md, and docs-format.md) explicitly instruct the agent to read, copy, and analyze content from source paths including repo URLs and existing public docs, so it ingests untrusted/user-generated third-party material that can change agent behavior (e.g., converting procedural pages into skills or rules).

Report incorrect finding

Audited: about 2 months ago
Security analysis