opentester

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md workflow and DSL include an "API Target" (base_url + path) and the "Create and Run Tests Workflow" calls run_case to execute those API requests and assert on responses (json_path/status_code), so the agent will fetch and interpret responses from arbitrary base_url URLs (potentially public/untrusted) that can influence decisions and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The installer script is explicitly designed to be fetched and executed (usage: curl -fsSL https://raw.githubusercontent.com/kznr02/OpenTester/main/opentester-skills/install.sh | bash) and that same install.sh performs runtime curl downloads from https://github.com/kznr02/OpenTester/raw/main/opentester-skills/... (e.g., SKILL.md) which would place skill prompt files that control the agent — so remote content can both execute code and directly control prompts at install/runtime.