kggs-well-logs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public well data and LAS files from third-party URLs (e.g., the KGS ORDS API at https://chasm.kgs.ku.edu and LAS download URLs like https://www.kgs.ku.edu/WellLogs/logs/LAS/NNNNNN.las) and its SKILL.md workflow (Step 3–4) requires downloading and parsing those external files to drive analysis and next actions, meaning untrusted public content can materially influence the agent's behavior.