direct-message

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly reads and acts on user-generated messages and notifications from the OpenAnt platform (e.g., via npx @openant-ai/cli@latest messages read <conversationId> --json and notifications list), so untrusted third-party content could influence the agent's replies and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill repeatedly instructs running "npx @openant-ai/cli@latest" at runtime, which fetches and executes a remote npm package (executing remote code) and is required for the skill's functionality, so this is a runtime external dependency that can execute code.