moai-alfred-agent-factory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL's Research Engine (Stage 3 in SKILL.md and reference.md) explicitly fetches documentation via Context7 MCP and—if unavailable—falls back to WebFetch/WebSearch (see mcp__context7__get_library_docs and WebFetch usage), and those fetched third‑party documents are synthesized into recommendations and templates that drive model selection, tool permissions, and agent behavior, so untrusted public content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs runtime fetches of external documentation via Context7 MCP calls (e.g., mcp__context7__get_library_docs with context7CompatibleLibraryID="/tiangolo/fastapi") and WebFetch, and those fetched docs are synthesized into the agent's prompts/templates, so external content can directly control agent instructions.