agent-directory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs agents to fetch ctxly.com/services.json and then "Learn — Fetch the skill.md for services you need" (e.g., https://www.moltbook.com/skill.md), which requires reading arbitrary public third-party skill.md pages that could contain untrusted/user-generated instructions influencing agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime fetching of remote "skill.md" files (e.g., https://ctxly.com/services.json and follow-up URLs like https://www.moltbook.com/skill.md or https://ctxly.app/skill.md), which would inject external instructions that directly control agent behavior at runtime.