agent-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Using MCP servers" section explicitly lists Firecrawl ("Web crawling | Data collection") and Playwright ("Control web browser"), indicating the agent is intended to fetch and analyze public web content (untrusted third-party sources) as part of its multi-agent workflows, which could allow indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Dockerfile in the skill contains "RUN curl -fsSL https://claude.ai/install.sh | sh", which fetches and executes remote code at build/run time and is included as a required setup step for the skill, so https://claude.ai/install.sh is a high-risk runtime external dependency.