axolotl
Warn
Audited by Snyk on Apr 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill’s docs and workflow show it ingests external public content (e.g., SKILL.md’s “To refresh this skill… re-run the scraper” and the API references for cli.config.check_remote_config which fetches and parses arbitrary HTTPS config URLs and cli.utils.fetch.fetch_from_github), meaning the agent can fetch and interpret untrusted third‑party URLs whose contents can change runtime behavior (configs/commands).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill exposes runtime fetchers (see cli.config.check_remote_config: https://docs.axolotl.ai/docs/api/cli.config.html and cli.utils.fetch.fetch_from_github: https://docs.axolotl.ai/docs/api/cli.utils.fetch.html) that will download and parse arbitrary HTTPS-hosted configs/files at runtime—content which can directly control prompts/behavior—so this is a high-confidence risk.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).