continuous-learning-v2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI import command (scripts/instinct-cli.py :: cmd_import) explicitly fetches arbitrary http(s) URLs and parses/writes those external instinct files into project/global instinct directories, meaning untrusted third-party content can be ingested and used to change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). scripts/instinct-cli.py's import command uses urllib.request.urlopen to fetch arbitrary http(s) URLs at runtime and then parses and writes the fetched content as instinct files (i.e., rules that the observer/agents will load and apply), so any http(s) URL passed to "instinct-cli.py import" can directly control agent behavior (flagging runtime fetches via http(s) URLs handled by urllib.request.urlopen).