mkn-constructor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads and imports content from untrusted public sources — e.g., references/install.md shows import_template_from_git (https://github.com/...) and references/analyze.md instructs the agent to ask for a template location and "discover all files" to read manifests/YAML, and references/connectors.md documents web_search/scrape connectors (exa-search, oxylabs, rss-feed, perplexity) whose outputs are fed into prompts, so third-party repo/web content is ingested and can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes template import from Git at runtime (e.g., import_template_from_git with repo_url "https://github.com/org/repo" and documentation linking https://github.com/machina-sports/machina-templates/tree/main/connectors), which would fetch remote YAML prompts and PyScript connector code that directly control agent instructions and can execute code.