diagnose-sandbox-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow accepts a sandbox report URL (Phase 0 of SKILL.md) and instructs passing it to the mandatory gather-sandbox-context script, which will download arbitrary report JSON via curl (see downloadUrl in scripts/gather-sandbox-context.ts), meaning the agent must ingest and interpret untrusted third‑party content that can directly influence its analysis and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The gather-sandbox-context script will download any user-supplied HTTP(S) report URL (reportPath starting with "http", e.g. "https://.../report.json") via curl, parse fields like taskId from that remote JSON, and then runs commands such as "npx nx run ", so remote content can directly cause code execution.