strix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts arbitrary GitHub repository URLs and live web app URLs as scan targets in SKILL.md (Step 3/4) and the run-scan.sh / scripts/ci-scan.sh invoke strix on those targets (and references/providers-and-config.md even enables web search via PERPLEXITY_API_KEY), so the agent will fetch and interpret untrusted third-party content that can materially influence scan actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's installer and CI examples explicitly run remote installer code via "curl -sSL https://strix.ai/install | bash" (and the install script then pulls the sandbox image ghcr.io/usestrix/strix-sandbox:0.1.13), which fetches and executes remote code as a required setup step for the skill.