research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly directs the agent to use WebSearch and WebFetch to read full documentation and community sources (e.g., Stack Overflow, GitHub, public docs) and to extract code/examples that will inform recommendations and actions, exposing the agent to untrusted third-party content that could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs using WebFetch at runtime to read external documentation and extract code/examples (e.g., site:github.com/[org]) so fetched content from URLs like site:github.com/[org] would be injected into the agent context and could directly control prompts or supply executable code.