anp-agent

Warn

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's CLI (scripts/anp_cli.py) fetches and parses AD documents and interface descriptors from arbitrary AD URLs (e.g., fetch_ad/get_interface called on ad_url from config/agents.json or user-supplied URLs), and then uses the discovered RPC endpoints and methods to drive calls—meaning untrusted third‑party AD/interface content can directly influence agent behavior and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill fetches AD documents at runtime (e.g., https://agent-connect.ai/mcp/agents/amap/ad.json from config/agents.json) and uses the returned JSON to determine RPC endpoints and methods to invoke, meaning remote content directly controls what remote code/actions are executed.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 09:03 PM