documentation-site-setup

skills-sh:aj-geddes_useful-ai-prompts__documentation-site-setup

View source

84/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

84/100

MEDIUM 2

LOW 5

Findings (7)

MEDIUM

Role switching attempt PROMPT_INJECTION_002

prompt-injection L293

Detects attempts to make the AI assume a different role

Switch to dark mode

FIX

Remove directives that attempt to alter the agent's behavior or persona. Skill descriptions should describe tool functionality, not contain behavioral commands for the agent.

FP?

Likely FP if the matched text is part of the skill's legitimate system prompt configuration that defines the tool's behavior for the user, not an attack.

MEDIUM

Role switching attempt PROMPT_INJECTION_002

prompt-injection L301

Detects attempts to make the AI assume a different role

Switch to light mode

FIX

Remove directives that attempt to alter the agent's behavior or persona. Skill descriptions should describe tool functionality, not contain behavioral commands for the agent.

FP?

Likely FP if the matched text is part of the skill's legitimate system prompt configuration that defines the tool's behavior for the user, not an attack.

LOW

pip install arbitrary package EXTDL_009

external-download L242

Detects pip install of arbitrary packages that modify the host environment

pip install mk

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.

LOW

pip install arbitrary package EXTDL_009

external-download L245

Detects pip install of arbitrary packages that modify the host environment

pip install mk

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.

LOW

Global package installation EXTDL_004

external-download L489

Detects global installation of packages which affects the host system

npm install -g g

FIX

Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.

FP?

Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.

LOW

Non-localhost remote MCP server URL MCPCFG_004

mcp-config L529

Detects MCP server configurations connecting to non-localhost remote URLs

"url": "https://github.com/myorg/repo"

FIX

Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.

FP?

Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).

LOW

pip install arbitrary package EXTDL_009

external-download L641

Detects pip install of arbitrary packages that modify the host environment

pip install mk

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.