guided-product-demo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's STEP 3 explicitly requires fetching and extracting brand signals from a user-provided live URL ("If the user provided a URL instead of a repo, fetch that URL and extract the same brand signals from the live site"), meaning the agent will ingest arbitrary public web content that can materially influence its decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires installing and running remote Helios packages (npm install @helios-project/core @helios-project/renderer @helios-project/cli and executing via npx helios render), which will fetch and execute remote code at runtime, so this is a runtime external dependency that executes remote code.