lessie

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (see references/domain-resolution.md and references/workflow-patterns.md plus SKILL.md tools list) explicitly instruct the agent to run lessie web-search and lessie web-fetch against public websites and social profiles and to use those extracted results (domains, job titles, news) to decide follow-up calls and searches, meaning the agent ingests untrusted, user-generated/public web content that can materially change its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and executes remote packages at runtime (npm install / npx @lessie/cli and @lessie/mcp-server) and contacts the Lessie MCP endpoint which supplies tool schemas that directly influence agent calls—for example the MCP URL https://app.lessie.ai/mcp-server/mcp is used at runtime and can control prompts/execute remote code.