adf-master

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and ingest public web content (see "How to Fetch" and the Context7 MCP usage plus curl/Invoke-WebRequest examples downloading raw GitHub scripts and "Use WebFetch for Microsoft Learn articles"), meaning the agent will read untrusted third‑party pages (community blogs, GitHub, Medium, StackOverflow) that can materially influence actions like CI/CD/deployment decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime download and execution of a PowerShell deployment script from raw.githubusercontent.com (https://raw.githubusercontent.com/Azure/Azure-DataFactory/main/SamplesV2/ContinuousIntegrationAndDelivery/PrePostDeploymentScript.Ver2.ps1), which fetches remote code that is executed as part of deployments, meeting the criteria for a runtime external dependency that executes remote code.