d6e-docker-stf-development
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's code and examples explicitly fetch and ingest data from arbitrary external/public URLs provided in inputs (e.g., fetch_weather_data calls https://api.weatherapi.com, the "External API Pattern" call_external_api(url, params), and sync_inventory uses a user-supplied warehouse_api_url), so untrusted third-party content is read and interpreted as part of the STF workflow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The README instructs using a remote container image at runtime (e.g., ghcr.io/{org}/{stf-name}:latest), which the platform would pull and run as code during STF execution, so this external URL can directly cause remote code execution.
Audit Metadata