sherlock

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to run the Sherlock CLI against "400+ social networks" (see "Execute Search" and "Parse and Present Results" sections), which fetches and parses untrusted public/social-media content that the agent must read and act on.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running the Sherlock CLI which fetches and executes remote code (e.g., https://github.com/sherlock-project/sherlock and pip/docker pulls for sherlock-project), so the external repository/image is a runtime dependency that executes remote code.