ordfs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and example files explicitly instruct the agent to fetch and render arbitrary, public user-generated inscriptions from the ORDFS gateway (e.g., https://ordfs.network/content, /preview and directory endpoints shown in SKILL.md and examples/fetch-content.ts), which the agent is expected to read/interpret (including X-Map metadata and rendered HTML/JS) and could therefore carry instructions that materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches and loads content at runtime from https://ordfs.network (via fetch calls, preview endpoints, and examples), which can deliver remote HTML/JavaScript that will execute in the client and thus can control behavior, so this external URL is a runtime-executed dependency.