nim

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime code (scripts/nim_call.py) sends prompts to the public NVIDIA NIM endpoint (https://integrate.api.nvidia.com/v1/chat/completions) and returns those model responses, and the SKILL.md/README explicitly instructs integrating and using /nim so the agent will read and act on external, untrusted model outputs that could contain instructions influencing subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime requests to the NVIDIA NIM endpoint (https://integrate.api.nvidia.com/v1/chat/completions), and the returned model completions are directly used to drive agent responses (i.e., externally fetched content controls the agent's instructions/outputs).