doko

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows /doko read (via the Dokobot API) reads arbitrary web pages and returns extracted page content and /doko search returns web search results, meaning the agent ingests untrusted public web content (pages, comments, snippets) that can influence its decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The /doko update command explicitly runs curl to fetch and overwrite the skill file from https://dokobot.ai/api/tools/skill at runtime, allowing remote content to directly change the agent's instructions and thus posing a high-risk external dependency.