weft-ai-language

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows multiple workflows (e.g., Pattern 1 "Content Summarizer", Pattern 4 "Daily Digest", and Pattern 5 "Research Agent") where a WebSearch node fetches public web/news content (search.results) and that untrusted content is fed directly into LlmInference prompts, allowing third-party pages to influence agent behavior and enabling indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). Contains explicit instructions that require elevated privileges (e.g., "sudo mv ./kind /usr/local/bin", "brew install bash") and scripts that install system binaries or destroy containers/databases, so it directs changes to the host system state.