verify-evidence-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase A subagents explicitly perform WebSearch/WebFetch over public sources (e.g., arXiv/IEEE/ACM, RFC/W3C/NIST, GitHub discussions, Stack Overflow, Reddit, HN) and ingest those untrusted, user-generated or third‑party pages into Evidence Bundles that reviewers read and which directly influence verdicts, iterations, and downstream actions, creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly performs runtime WebSearch/WebFetch and injects fetched page content into agent evidence bundles consumed by reviewer prompts (e.g., fetching from external domains such as https://raw.githubusercontent.com or https://arxiv.org), so these external URLs can directly influence agent behavior and pose prompt-injection risk.