temporal-cortex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's routing and network scope explicitly include Layer 3-4 tools (e.g., query_public_availability and resolve_identity) that call the platform API (api.temporal-cortex.com) to fetch other users' public availability/Temporal Link data as part of the required workflow (Routing Table / Core Workflow steps and Network Scope), which is untrusted third-party user-generated content that the agent reads and uses to decide booking actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's install/startup fetches and executes a platform-specific MCP binary from GitHub Releases (e.g. https://github.com/temporal-cortex/mcp/releases/tag/mcp-v0.9.1, via the npx @temporal-cortex/cortex-mcp flow), which downloads remote executable code that the skill requires and runs locally.