stream

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly routes operational queries to the stream-cli sub-skill to "query Stream data" (e.g., "list channels", "show flagged messages", "find users"), which requires fetching user-generated content from the Stream service and the router also uses stream-docs to fetch getstream.io documentation—so the agent is expected to ingest and act on external, user-generated/third-party content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs running a runtime install that fetches and executes remote code—e.g., "npx skills add GetStream/agent-skills --s stream -y"—to install required peer skills, so the agent will pull and run external package code as a required dependency.