apply

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to "actually go look at" user-provided LinkedIn, GitHub, X, or blog profiles (public websites) and to reference what it finds, meaning the agent will fetch and interpret untrusted, user-generated third‑party content from the open web.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires runtime calls to https://go-people.goodoutcomes.ai (e.g., GET /challenge and POST /embed), whose returned hint and target_embedding directly determine the challenge prompts/similarity checks and are a required dependency for the skill's execution.