printing-press

Warn

Audited by Snyk on May 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and probes arbitrary URLs (Phase 0 content probe via WebFetch), performs browser-sniffing/Chrome captures (Phase 1.7), and runs crowd-sniff/web searches and GitHub/npm code reads (Step 1.5a / Phase 1.8). These untrusted, user- or web-originated artifacts are ingested and merged into the research/absorb manifest and generation pipeline, so third-party content directly informs tool decisions and generation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches any user-supplied URL at runtime (e.g., the example invocation /printing-press https://postman.com and the WebFetch/URL-probe flow) and treats the returned content as an OpenAPI/HAR spec or discovery input that directly drives prompts, decisions, and code generation. Arbitrary remote content (including raw GitHub/pastebin URLs) can therefore control the agent's behavior at runtime, creating a high-risk prompt-injection/remote-control vector.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 9, 2026, 06:03 PM
Issues: 2