overview

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md (Connection Process: "Discovery") and references/ceps.md (CEP-6) explicitly require the client to query public Nostr relays (e.g., wss://relay.contextvm.org) and read replaceable events like server announcements, tools/resources/prompts lists, which are untrusted third-party events that the agent parses and uses to decide actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill relies on Nostr relays at runtime (e.g., wss://relay.contextvm.org) which carry kind 25910 JSON-RPC events such as tools/call that can directly control agent prompts/instructions delivered over the relay.