deco-incident-debugging

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The headless workflow explicitly instructs the agent to fetch and parse external, potentially public third‑party content (e.g., SEARCH_LOGS from HyperDX, MONITOR_SUMMARY/MONITOR_* CDN metrics, curl requests to https://SITE.com/affected-page, and running remote code via deno run -A https://deco.cx/validate), and to use those results to drive autonomous diagnosis and code changes — these external, user/third‑party controlled inputs are read and can materially influence tool use and actions, creating a pathway for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes deno run -A https://deco.cx/validate during diagnostics and the autonomous auto-fix workflow, which fetches and executes remote code at runtime (https://deco.cx/validate), making it a runtime external dependency that can execute code.