taskcluster

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts/tc.py fetches and parses a task group's public actions.json artifact from the Taskcluster artifacts URL (via get_actions_json which uses curl to <TASKCLUSTER_ROOT_URL>/api/queue/v1/task/<TASK_GROUP_ID>/artifacts/public/actions.json) and then uses values from that untrusted artifact (hookGroupId/hookId/hookPayload) to construct and trigger hooks, so third-party artifact content is both ingested and can materially change tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime (scripts/tc.py) fetches and parses actions.json from the Taskcluster artifact URL (e.g. https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/<TASK_GROUP_ID>/artifacts/public/actions.json) and uses the returned hookGroupId/hookId/hookPayload to construct and execute hook trigger payloads, so remote content directly controls what actions the skill performs.