a0x-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly sends user-provided project URLs (e.g., GitHub repos or websites) to the remote jessexbt/chat tool for review ("When user shares a project URL" / "Project URLs" in Data Transparency), meaning the agent will ingest and interpret arbitrary public, user-generated web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime MCP calls to https://services-a0x-agents-mcp-dev-679925931457.us-west1.run.app (e.g., /mcp, jessexbt/chat, knowledge/*), and those live responses are used to control agent prompts/behavior and are a required remote dependency.