atypica-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and references/api-reference.md explicitly show the agent polling atypica_study_get_messages (which may include tool outputs such as webSearch/webFetch) and fetching reports/podcasts via atypica_study_get_report that return HTML content and public share URLs, and it is required by the workflow to read/interpret those results (including persona prompts and web-derived content) to decide next actions (e.g., confirm plans, send tool results), meaning untrusted third-party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to the MCP server at https://atypica.ai/mcp/study (used by the provided scripts and mcp tool calls) which executes remote AI logic and returns persona prompts/plan content that can directly control agent instructions, and the skill depends on that endpoint to operate.