ollama-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls Ollama's Web Search and Web Fetch endpoints (https://ollama.com/api/web_search and https://ollama.com/api/web_fetch) via the provided scripts (scripts/ollama-search.sh, scripts/ollama-fetch.sh), SDK examples, and an MCP tool integration, which ingest and surface untrusted public web page content to agents as part of the normal agent workflow (search → fetch → summarize), so third‑party page content can influence tool use and agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the runtime endpoints https://ollama.com/api/web_fetch (and https://ollama.com/api/web_search) to retrieve external page content which is then injected into agent/tool messages (e.g., web_fetch results appended to the model context), so remote content can directly control prompts and thus influence agent behavior.