coding-mojo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch companion skill content from the public GitHub API (e.g., the curl to https://api.github.com/repos/modular/skills/contents/mojo-syntax/SKILL.md?ref=main) and to read those external skills as authoritative correction layers, which means untrusted public content would be ingested and could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime curl that fetches companion skill content from https://api.github.com/repos/modular/skills/contents/mojo-syntax/SKILL.md?ref=main, which would load external instructions used as authoritative correction layers (the skill instructs “Always use” these companion skills), so the fetched content can directly control agent prompts at runtime.