render-deploy

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly analyzes and ingests user Git repositories hosted on third-party providers (GitHub/GitLab/Bitbucket): see "Step 1: Analyze Codebase" and the note that Render clones your repository. It will therefore read arbitrary user-generated content from public/third-party Git hosts, which enables indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill declares and depends on the external MCP server endpoint https://mcp.render.com/mcp (in agents/openai.yaml and the MCP setup instructions). The endpoint is invoked at runtime as a tool/transport to execute remote actions (create services, run deploy operations), so this external URL can directly cause remote code/actions and is a required runtime dependency.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 02:42 AM