continuous-learning-v2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The instinct-cli.py "import" command explicitly fetches arbitrary http/https URLs (cmd_import uses urllib.request.urlopen) and parses/installs those external instinct files into project/global instincts that the agent loads and acts on, meaning untrusted third‑party content can directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scripts include scripts/instinct-cli.py which at runtime fetches arbitrary HTTP(S) URLs via urllib.request.urlopen (i.e., any http(s)://... passed to "instinct-cli.py import") and writes the fetched content into local instinct files that directly control agent prompts/behavior, so remote content can inject instructions at runtime.