tutor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly tells the tutor to fetch and use content from arbitrary URLs ("The user's input is: $ARGUMENTS
• URL: Fetch the content. If fetch fails, ask user to paste"), so the agent will read and act on untrusted third-party web content as its primary source, which can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and injects content from a user-supplied URL ("$ARGUMENTS" — i.e., the provided URL) at runtime and uses that content as the default source for teaching, so remote content can directly control prompts/instructions.