agent-architect
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly grants and uses WebSearch/WebFetch to fetch open web pages, GitHub repositories, tutorials and community content (see SKILL.md, references/code-templates.md, and LESSON.MD) which the orchestrator and subagents are instructed to read and act on (e.g., spawn subagents, run Bash, write to Notion), so untrusted third-party content can materially influence tool selection and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill configures an MCP server that is launched at runtime via npx (args: ["-y", "@notionhq/notion-mcp-server"]), i.e. it fetches and executes remote npm package code at runtime, and the agent uses the resulting mcp_notion_* tools as a required dependency for Notion output, which meets the criteria for a risky external execution dependency ("npx @notionhq/notion-mcp-server").