project-planning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly defines agent tools that fetch and ingest arbitrary public web content (e.g., summarize_url uses fetch(url) and search_web calls a public Brave Search API in references/example-outputs/ai-web-app.md and templates/AGENTS_CONFIG.md), so untrusted third-party pages/URLs would be read and could materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's summarize_url tool fetches arbitrary user-supplied webpages at runtime (via fetch(url)) and injects the fetched HTML/text into the model prompt (e.g., prompt: Summarize this article...${text}), so external URLs (the user-provided fetch(url) target) can directly control prompts.