project-planning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's AI/agents templates and examples (e.g., templates/AGENTS_CONFIG.md and references/example-outputs/ai-web-app.md) define tools like search_web and summarize_url that fetch arbitrary public web pages or search results and have the agent ingest and summarize those user-provided/untrusted URLs, which clearly exposes the agent to third‑party content that could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's summarize_url tool fetches arbitrary user-supplied pages at runtime (fetch(url)) and injects the fetched page text directly into the AI prompt (e.g., Summarize this article... ${text}), so external URLs can directly control model instructions and enable prompt‑injection.