crabtrap-llm-proxy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill implements an HTTP/HTTPS forward proxy that forwards agents' outbound requests to arbitrary external APIs (see "Connecting an Agent" examples using the proxy to call https://api.github.com and https://httpbin.org/get) and feeds intercepted requests/responses into the LLM judge, audit log, and policy-builder (see "LLM judge", "Audit log", and "Policy Builder"), which clearly ingests untrusted third‑party content that can influence decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The Docker Compose references an external container image that is pulled and executed at runtime (quay.io/brexhq/crabtrap:latest), which means remote code from that URL will be fetched and run as a required dependency.