game-engine-resources

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to fetch and parse public raw.githubusercontent.com files (e.g., the main README and the archive/description URLs under https://raw.githubusercontent.com/gmh5225/awesome-game-security/...), which are untrusted, user-generated third-party content that the agent must read and use to decide what to retrieve and how to respond, creating a clear indirect prompt-injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching raw content at runtime from https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md (and related raw.githubusercontent.com archive/… and description/… URLs), which would be retrieved and injected into the agent’s context and thereby directly control prompts/responses.