instinct-import

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses instinct files from external URLs (e.g., "Fetch the instinct file (local path or URL)" and usage example "https://github.com/org/repo/instincts.yaml" / "community collections"), and those imported instincts are merged into the agent's stored instincts and can change behavior, so untrusted third-party content could inject instructions indirectly.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). At runtime the skill's CLI can fetch an "instinct" file from a remote URL (e.g., https://github.com/org/repo/instincts.yaml) or via the Skill Creator repo fetch (e.g., acme/webapp), and that fetched YAML directly modifies the agent's instincts (i.e., prompts/instructions), so remote content can control agent behavior.