obsidian-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The defuddle sub-skill (skills/defuddle/SKILL.md) explicitly instructs the agent to fetch and parse arbitrary web pages supplied by a user (e.g., "defuddle parse --md" and "Use ... when the user provides a URL to read or analyze"), meaning untrusted third‑party content will be ingested and can influence subsequent interpretation and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The defuddle sub-skill explicitly runs "defuddle parse " at runtime (fetching an arbitrary user-supplied URL such as https://example.com/article) to retrieve remote page content that would be injected into the agent's input/prompt, so the fetched URL content can directly control agent behavior.