dialectic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs running external research subagents and spawning monks with allowedTools like web_search/web_fetch (Phase 1d, Phase 3) and even directs fetching random Wikipedia articles via the public API for lateral-domain injection (Phase 4.5), so the agent will fetch and interpret open/public third‑party content that can materially shape prompts and downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the orchestrator at runtime to curl the Wikipedia API ("https://en.wikipedia.org/w/api.php?action=query&list=random&rnnamespace=0&rnlimit=50&format=json") to fetch random articles and inject their content into the analysis/context, which is external content fetched at runtime and placed into the model context; this meets the criteria for a runtime external dependency that can directly influence prompts/agent context.