agentscout

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill automatically fetches public, user-generated GitHub content (e.g., README and code via GitHubSearcher and ProjectAnalyzer — see project_analyzer._get_full_readme, _get_key_files and github_searcher._get_readme_excerpt) and injects those untrusted contents into LLM prompts for scoring and generation (ProjectScorer, ProjectAnalyzer, Copywriter), meaning third‑party content can materially influence scoring, selection, and subsequent generated actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses PyGithub at runtime to fetch README and code from arbitrary GitHub repositories (e.g., https://api.github.com and https://github.com//), and those fetched repo contents are directly injected into LLM prompts to control the agent's output, which meets the conditions for a high-risk external dependency.