prompt-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to call the prompts.chat MCP server (search_prompts and get_prompt) to fetch and present user-authored prompts from the public prompts.chat site, meaning untrusted third-party prompt content is ingested and interpreted as part of the workflow and could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly calls the prompts.chat MCP server (prompts.chat / https://prompts.chat) at runtime to fetch and improve prompt templates, so external content from that URL directly controls the agent's prompts.