modeio-guardrail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly runs a default-on GitHub OSINT precheck (run_github_osint_precheck / "GitHub OSINT precheck" referenced in engine.scan_repository and prompts/static_repo_scan.md) that fetches public GitHub metadata/signals (untrusted third-party content) and uses those signals to alter the scan workflow and decisioning (e.g., generate high-risk findings and skip local scans), so third‑party content can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The CLI script modeio-guardrail calls the backend endpoint https://safety-cf.modeio.ai/api/cf/safety at runtime (overridable via SAFETY_API_URL), and the JSON response is used to gate/approve/deny and directly control whether agent instructions are executed, making this an external runtime dependency that affects agent behavior.