product-changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Generating Visuals" workflow explicitly instructs using the infsh/agent-browser via belt app run infsh/agent-browser --input '{"url": "https://your-app.com/new-feature", "action": "screenshot"}', which requires fetching and interpreting arbitrary public webpages as part of the normal workflow and thus exposes the agent to untrusted third-party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires the inference.sh CLI ("belt") and uses belt app run to invoke remote apps (e.g., falai/flux-dev-lora) via the inference.sh platform (https://inference.sh), which causes remote code/models to be executed at runtime, so it depends on an external service executing code.