graphify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly allows ingesting arbitrary public URLs into the corpus ("Step 9: Add external sources to the corpus" with examples like graphify add https://arxiv.org/..., https://x.com/...), meaning the agent will fetch and incorporate untrusted, user-provided third‑party content into graphs that can be read and used to influence subsequent queries and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running the external Python package "graphifyy" (installed via pip and served from PyPI), which fetches and executes remote code at https://pypi.org/project/graphifyy/ during runtime, making it a required external dependency that runs remote code.