antislop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Pattern Refresh Protocol" in SKILL.md explicitly instructs the agent to fetch and parse public Wikipedia pages (via Gemini CLI or curl to https://en.wikipedia.org/wiki/Wikipedia:Signs_of_AI_writing and https://en.wikipedia.org/wiki/Wikipedia:WikiProject_AI_Cleanup) and then ingest those user-editable pages to update detection rules, allowing untrusted third-party content to change the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's "Pattern Refresh Protocol" explicitly instructs running Gemini or curl to fetch and parse live Wikipedia pages at runtime (e.g. https://en.wikipedia.org/wiki/Wikipedia:Signs_of_AI_writing and the API endpoint https://en.wikipedia.org/w/api.php?action=parse&page=Wikipedia:Signs_of_AI_writing&prop=wikitext&format=json), which would retrieve external content that is parsed/executed (gemini / curl | python) and then used to update detection patterns that directly control the agent's behavior, so this is a runtime external dependency that can control prompts/logic.