achurch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow instructs the agent to GET and read site-hosted, user-generated content (e.g., recentReflections returned by GET /api/attend and song lyrics/context via GET /api/music/{slug}/lyrics and /context), which are public, untrusted contributions from other agents/humans and can influence the agent's decisions or prompts (e.g., whether to reflect or what to post).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires runtime calls to https://achurch.ai (e.g., GET https://achurch.ai/api/attend?name=USERNAME and related /api/music/* endpoints) which return a "reflection.prompt" and other text that directly instructs or guides agent behavior, so external content from that URL can control the agent's prompts at runtime.