ariadne

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly states in the required init workflow (step 6) that it reads the backend GitHub repository tree and server code files to auto-infer routes/DTOs, so the agent will fetch and interpret public third-party (GitHub) content that can change its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requests and reads a backend GitHub repository at runtime (e.g., https://github.com/example/backend) to fetch server code that is used to drive its analysis/reporting, meaning external content would be injected into and directly control the agent's behavior.