agentation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required watch-loop and hook workflows (e.g., agentation_watch_annotations, GET /pending, and the Claude UserPromptSubmit hook that curls http://localhost:4747/pending) explicitly pull user-generated annotations from the MCP server and inject them into agent prompts, and agents are instructed to interpret those annotations (acknowledge → grep/fix → resolve), so untrusted third‑party annotation text can directly influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running "npx agentation-mcp server" (which fetches and executes the agentation-mcp npm package — https://www.npmjs.com/package/agentation-mcp), and that remote-executed package runs a server whose outputs are injected into agent prompts via platform hooks, so it is a runtime-fetched/exec'd dependency that can directly affect agent instructions.