antithesis-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to open and scrape arbitrary tenant triage report and logs URLs on https://$TENANT.antithesis.com (see SKILL.md "Report URL or Tenant ID" and the many assets/.js scripts such as assets/report/ and assets/logs/*) and to extract and act on DOM-derived data (log URLs, findings, navigation), meaning untrusted third‑party report/log content can directly influence navigation and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires installing and running agent-browser via npm or the GitHub repo (https://github.com/vercel-labs/agent-browser/ and the suggested npx skills add vercel-labs/agent-browser), which would fetch and execute remote code as a required runtime dependency.