cookiy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests and acts on user-generated third-party content returned by the Cookiy MCP tools — e.g., participant transcripts and playback URLs from cookiy_interview_playback_get and remote images via cookiy_media_upload (image_url) — and the workflow docs (ai-interview.md, study-creation.md, tool-contract.md) explicitly require the agent to read those responses and follow server-provided directives (status_message/next_recommended_tools), which can materially change subsequent tool calls and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly installs and/or connects at runtime to Cookiy's MCP service (via npx cookiy-mcp and the MCP endpoint https://dev-api.cookiy.ai/mcp), and the MCP responses (status_message, next_recommended_tools, presentation_hint) are treated as authoritative instructions the agent must obey, so remote-fetched code/responses directly control agent behavior.