workflow-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory research steps (Step 2.5 "Workflow Pattern Research" which calls WebSearch(...) and the "Research Gate" section that mandates mcp__Exa__web_search_exa and WebFetch to arXiv) require fetching and interpreting open/public web content (untrusted user/third-party sources) and use those findings to shape workflow design and agent behavior, creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Research Gate mandates runtime web fetches (via mcp__Exa__ calls and an explicit WebFetch example) to arXiv — e.g. "https://arxiv.org/search/?query=&searchtype=all&start=0" — and these fetched results are required for research that will be used to shape workflow prompts and decisions, so this external URL is used at runtime and can directly influence agent instructions.