source-eval

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to read and ingest external URLs and files (see "Step 1: ソース内容の把握" and examples like "このソースを評価して: https://..."), including public technical blogs and GitHub READMEs, so untrusted third‑party content would be parsed and could directly influence evaluation outcomes and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly reads arbitrary external URLs at runtime (e.g., "https://...") and injects the fetched source content into the agent's evaluation context to generate prompts and outputs, so remote content can directly control the agent's instructions.