novita-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs the agent to fetch live reference files from public URLs (e.g., raw.githubusercontent.com entries in the Documentation Map and the "Dynamic Data (Always Fetch Live)" curl to https://api.novita.ai and links to novita.ai), so the agent will ingest public third-party web content that can materially influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). At runtime the skill explicitly directs fetching reference files from raw GitHub (e.g. https://raw.githubusercontent.com/novitalabs/novita-skills/main/skills/novita-docs/references/quick-start.md), and those remote markdown files are used as required input that directly informs/controls the agent’s responses.