agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation and workflow explicitly configure webhook/client tools that call arbitrary HTTPS endpoints (see "Public-API Webhook Examples" in SKILL.md and the webhook tool definitions in references/client-tools.md which show calls to wttr.in, Wikipedia, and custom api URLs), and those third-party responses are returned to and interpreted by the agent as part of its conversation/tooling flow, enabling untrusted content to influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill embeds and requires the remote runtime script https://unpkg.com/@elevenlabs/convai-widget-embed which is fetched and executed in clients at runtime (remote JavaScript execution) and is a required dependency for the widget to function.