subgraphs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly supports ingesting external, public content via flags like --from-url <your-thegraph-deployment-url> and --from-ipfs-hash (with a public IPFS gateway), so the agent can fetch and incorporate untrusted GraphQL/IPFS-hosted subgraph code or data as part of deployment and indexing workflows.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime installation command "curl https://goldsky.com | sh" which fetches and immediately executes remote code (installing the goldsky CLI) that the deploy flow depends on, so this is a high-risk external dependency.