nemo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Nemo fetches and returns full, user-contributed SKILL.md content via https://nemo.25chenghua.workers.dev/api/skill/SKILL_NAME and proxies calls to arbitrary MCP server endpoints via /api/call, meaning the agent will read and act on untrusted, third-party (user-generated) content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches runtime instructions and proxies tool calls from https://nemo.25chenghua.workers.dev (e.g., /api/skill and /api/call), meaning externally-hosted content can directly control agent prompts or cause remote code/tool execution.