warden-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Warden explicitly fetches and runs remote skills from public GitHub repos (e.g., "warden add --remote getsentry/skills", "sync", remote = "...") and exposes WebFetch/WebSearch tools, so the agent will ingest and interpret untrusted, user-generated web content and skill files from the open web.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly supports fetching remote skills at runtime from GitHub repos (e.g., getsentry/skills — https://github.com/getsentry/skills), and those fetched SKILL.md files directly provide the agent's instructions/prompts and are used as required remote dependencies in warden.toml.