moai-core-agent-factory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the Research Engine to fetch and ingest external documentation (Context7 MCP calls and a fallback to WebFetch/WebSearch) — e.g., "Fetch documentation" and "Fallback Strategy: WebFetch if Context7 unavailable" in reference/research-engine.md and SKILL.md — and those third-party web docs (including OWASP and other public sites) are parsed and synthesized to drive model/template/tool selection, so untrusted public content can indirectly inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The Research Engine explicitly fetches external documentation at runtime via Context7 MCP (see mcp__context7__get_library_docs with context7CompatibleLibraryID="/tiangolo/fastapi") and falls back to WebFetch, and those fetched documents are synthesized into agent prompts/instructions, so the external Context7/WebFetch content is a runtime dependency that can directly control prompts — flagged: /tiangolo/fastapi (Context7 MCP).