ark-vulnerability-fixer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch CVE details from the public CIRCL CVE API (https://cve.circl.lu/api/cve/{CVE-ID}) and to use the "research" skill to browse vendor advisories and GitHub/security web pages, which are untrusted third‑party sources that the agent must read and that can materially influence mitigation and action decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent/user to clone and then build/run code from the remote repository git@github.com:mckinsey/agents-at-scale-ark.git (and fork variants), which means runtime fetching of that repo is a required dependency and its contents may be executed locally as part of the fix/test workflow.