chat-list

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to fetch a recipe from the public URL https://fullstackrecipes.com/api/recipes/chat-list (and references recipe://fullstackrecipes.com/chat-list), which is an external third-party website the agent would read and interpret at runtime, exposing it to untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime fetch command to retrieve a recipe from https://fullstackrecipes.com/api/recipes/chat-list which would supply external recipe/instructional content that can directly control the agent's behavior, making it a required runtime dependency.