automate-whatsapp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's remote sandbox explicitly mounts GitHub repositories for agent use (references/agent-remote-sandbox.md and assets/agent-remote-sandbox-github-repo-example.json) and instructs the agent to "inspect the mounted repository" and read files before proposing or making changes, so untrusted third‑party repo content can be read and directly influence agent decisions and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's remote sandbox feature explicitly mounts and clones GitHub repositories at runtime (example repo_url: https://github.com/acme/acme-app) and instructs the agent via its system prompt to "Inspect the mounted repository" before acting, so externally fetched repo content can directly control agent prompts/behavior.