customware-support-widget

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly loads the external script https://app.customware.ai/support-widget/customware-chat.js and renders the third-party widget (SKILL.md and references/component-usage.md), which hosts untrusted chat content and can read domain/context and trigger page operations—allowing remote/user-generated instructions to influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires loading the external runtime script https://app.customware.ai/support-widget/customware-chat.js from root.tsx at runtime; that script is a required dependency and executes remote code (registering the element and running the widget/chat runtime), so it can control prompts and page-operation behavior.