agent-engineer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's runner and interop workflow (SKILL.md "Runner / Entry Point" and references/interop-implementation.md) explicitly require connecting to external MCP/REST endpoints (e.g., discover_interop_tools and client.invoke_tool/search_documents) and ingesting their returned documents/tool outputs into agent execution, so untrusted third-party content can be read and influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill’s runtime interop examples and runner flow allow an endpoint that is executed as a stdio command—e.g. "npx -y @myorg/document-search-mcp"—which would fetch and run remote npm package code at runtime (and MCP discovery can also load remote tool definitions that are compiled into runtime tool classes), so this is a required runtime dependency that can execute remote code.