connect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly connects to and ingests content from third-party services (see "Supported Apps" listing GitHub, Reddit, Twitter and the Examples like "Find GitHub issues labeled 'bug'"), so the agent will read/interpret untrusted, user-generated content fetched from those external apps.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill sets the agent's mcp_servers to use session.mcp.url (the Composio MCP endpoint returned by composio.create) which is called at runtime and can supply tool routing/instructions or execute actions, making it a required external endpoint that can directly control agent behavior.