evaluate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The workflow explicitly clones and installs a public GitHub repo (https://github.com/careerhackeralex/visualize), reads and edits files like SKILL.md and eval/pipeline/LOOP-PROMPT.md, and even requires passing the entire LOOP-PROMPT.md as the agent prompt, so untrusted, user-authored repository content is ingested and can directly control the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill clones and installs the GitHub repository at https://github.com/careerhackeralex/visualize.git at runtime and explicitly instructs the agent to "Pass the ENTIRE contents" of eval/pipeline/LOOP-PROMPT.md (from that repo) as the agent prompt, meaning remote repository content fetched during runtime directly controls agent prompts and is a required dependency.