arl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's instructions explicitly require cloning and analyzing public GitHub repositories (see references/expert-repos.md and ARL-agent-instructions.md which direct the orchestrator/experts to git clone and read framework repos and external URLs), so the agent will fetch and interpret untrusted, user-generated third-party content that can influence decisions and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill manifest and instructions explicitly run git clone on external repositories at runtime (see e.g. https://github.com/bitflight-devops/stateless-agent-methodology), and agents are instructed to read those cloned source files to generate evidence-backed prompts/responses, so fetched remote content directly controls agent behavior during execution.