office-hours

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs WebSearch and instructs the agent to "read the top 2-3 results" in Phase 2.75 (Landscape Awareness) and also includes commands to open external URLs (e.g., the lake intro/open and resource-opening steps), so it fetches and ingests public, untrusted web content that is then used to inform and change recommendations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup step (when browse/setup is needed) downloads and executes the Bun installer via curl -fsSL "https://bun.sh/install" and then runs it, which fetches and executes remote code at runtime as a required dependency for the browse build.