axolotl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes runtime utilities that fetch and parse public resources (e.g., cli.config.check_remote_config which downloads and parses HTTPS config URLs, and cli.utils.fetch.fetch_from_github which syncs files from GitHub), so it ingests untrusted, user-provided third‑party content that can materially alter configs and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill exposes cli.config.check_remote_config which at runtime fetches and parses an arbitrary HTTPS config URL (e.g., a raw GitHub URL like https://raw.githubusercontent.com/.../config.yml) and uses that YAML as the axolotl configuration (which can include prompt strategies and templates), so remote content can directly control prompts when a remote config is supplied.