commander-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 2 (Commander Analysis) explicitly instructs the agent to perform WebSearch and run web-fetch on external URLs (e.g., web-fetch "<url>" --max-length 10000) and to use EDHREC/web research to read strategy articles and guides from public sites, so it ingests untrusted third-party web content that can influence subsequent decisions and tool invocation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs fetching external strategy articles at runtime (e.g., via web-fetch "") and lists external sources such as https://edhrec.com/articles/the-command-zone-commander-deckbuilding-template-for-the-new-era-the-command-zone-658-mtg-edh-magic-gathering, meaning remote page content can be pulled into the agent context and directly influence prompts/output.