web-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly directs the agent to query a local SearXNG instance (http://localhost:8888/search?q=...) that aggregates open/public engines (Google, Bing, Reddit, GitHub, etc.) and instructs the agent to read result snippets and fetch full pages, so untrusted, user-generated third‑party content is ingested and can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The provided setup.sh invokes "docker run ... searxng/searxng:latest" which at runtime will pull and execute the remote Docker image (docker.io/searxng/searxng:latest), so external content is fetched and executed and is required for the skill to run.