bruno-api-testing
Warn
Audited by Snyk on Mar 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow and references show it issues HTTP requests to arbitrary endpoints (e.g., http.url fields like "{{baseUrl}}/users" in SKILL.md and the bru.sendRequest example in references/javascript-api.md), reads res.body/response data in scripts, and uses that data to set env vars, skip requests, or call setNextRequest, so untrusted third-party responses can directly influence execution flow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and running the remote npm package @usebruno/cli (installed via "npm install -g @usebruno/cli", which is fetched from the npm registry, e.g. https://registry.npmjs.org/@usebruno/cli) during runtime. This fetches and executes external code that the skill depends on, so it constitutes a runtime external dependency that can execute code.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata