deck-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires WebSearch/WebFetch and the web-fetch script in Step 2 (Metagame Research) and the combo-first path (referencing Commander Spellbook and public decklist sites) to fetch and parse public decklists and crowdsourced combo pages, which the agent then uses to drive archetype choice and skeleton generation—i.e., untrusted third-party content directly influences decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly calls WebSearch/WebFetch (and a web-fetch script) to retrieve external decklists at runtime and then parses that fetched content as the “skeleton foundation,” meaning arbitrary remote web pages (via web-fetch) directly control the agent's output; no specific safe URL is enforced.