route-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 3B researcher agents (in SKILL.md) explicitly fetch and scrape user-generated content from public sites—PeakBagger, SummitPost, WTA, AllTrails, Mountaineers—using WebFetch/cloudscrape.py and then synthesize that trip-report content into route analysis and automated report generation, so untrusted third‑party text can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs uvx commands that fetch and execute code from the git URL at runtime (e.g., uvx --from git+https://github.com/dreamiurg/peakbagger-cli.git@v1.7.0), which is a required dependency used to perform peak searches and therefore directly executes remote code during skill execution.