ai-taking-actions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs creating and using a "search" tool ("Search the web for information") and shows agents built with web-facing LangChain tools (DuckDuckGoSearchRun, WikipediaQueryRun) and HTTP fetches (wttr.in, ColBERTv2 URLs), so the agent will ingest open/public third-party content and use it in its decision/action loop, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls dspy.ColBERTv2 at runtime against http://20.102.90.50:2017/wiki17_abstracts to fetch text that is concatenated into the agent's context (i.e., injected into prompts), so this external URL directly controls the agent's instructions/output and is a required runtime dependency.