moai-baas-foundation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Core Implementation explicitly calls Context7Client.get_library_docs to fetch latest provider documentation (see the "Core Implementation" code in SKILL.md and referenced provider docs in reference.md such as supabase.com/docs and firebase.google.com/docs) and then analyzes that external public documentation to drive provider-selection decisions, so untrusted third-party web content is read and can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls Context7Client.get_library_docs at runtime to fetch external provider documentation from the Context7 API (external service) which is injected into provider_docs and directly drives the agent's recommendations and prompts, so the Context7 fetch is a runtime external dependency that controls the agent's behavior.