agentation
Warn
Audited by Snyk on Mar 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches user-generated annotations from the agentation MCP server (e.g., the SKILL.md UserPromptSubmit hook and platform hooks that curl http://localhost:4747/pending and the agentation_watch_annotations watch-loop) and auto-injects that untrusted annotation text into agent prompts/workflows, allowing third-party content to influence agent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's runtime setup and platform hooks explicitly run npx to fetch-and-execute the agentation-mcp package (e.g., "npx -y agentation-mcp server" — https://www.npmjs.com/package/agentation-mcp), which downloads and executes remote code at runtime and is required for the MCP watch-loop.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).