daft-docs-navigation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and reads public documentation from https://docs.daft.ai and by cloning/reading the GitHub repo https://github.com/Eventual-Inc/Daft (docs/), so the agent ingests untrusted third-party web content that it will interpret and that could influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs cloning and/or fetching external documentation at runtime (git clone https://github.com/Eventual-Inc/Daft.git and/or fetching https://docs.daft.ai) and then uses that fetched docs content as the primary source to generate responses, meaning the remote content would directly control the agent's prompts/answers.