ultimate-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open web and user-provided content (e.g., scripts/grok-search.sh and scripts/tavily-search.sh calling external Grok/Tavily search APIs and scripts/web-fetch.sh and scripts/web-map.sh extracting arbitrary URLs) and SKILL.md requires the agent to read, cross-validate, and act on those third‑party results, so untrusted web content can directly influence the agent's decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's Docker Compose pulls and runs external container images (e.g., ghcr.io/chenyme/grok2api:latest, ghcr.io/xuncv/tavilyproxymanager:latest, ghcr.io/flaresolverr/flaresolverr:latest), which fetch remote code that is executed as required runtime dependencies for the skill, so these URLs present an execution-of-remote-code risk.