kaggle-learner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires the agent to ingest public Kaggle competition pages ("Provide the Kaggle competition URL" and "The kaggle-miner agent will extract the winning solution") and to extract and act on those third‑party, user‑generated solutions as part of its knowledge‑updating workflow, which could allow indirect prompt injection from untrusted web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill contains code that scrapes and ingests external web content at runtime (e.g., build_openmath_dataset uses requests to fetch posts from https://artofproblemsolving.com and then feeds that content into LLM extraction prompts), so fetched content is used at runtime to control the agent's prompting/extraction pipeline.