case-study-writing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using belt app run commands (e.g., tavily/search-assistant, exa/search, exa/answer) to research industry benchmarks and competitor landscape from public web/search results, meaning the agent will fetch and interpret open, potentially user-generated third-party content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires and runs the inference.sh CLI (https://inference.sh) via "belt app run" (e.g., infsh/python-executor), which at runtime executes remote apps/code on that external service, so the URL is a runtime dependency that executes remote code.