agent-creator
Warn
Audited by Snyk on Apr 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill's Step 0 explicitly requires fetching and reading the live OpenHands docs at https://docs.openhands.dev/sdk/guides/agent-file-based (and falling back to a local references/fallback.md only if that fetch fails), meaning the agent ingests public third-party web content that directly determines file-format fields, tools, save paths, and generation behavior and thus could be influenced by injected instructions on that page.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). This skill explicitly requires fetching and reading the live spec at https://docs.openhands.dev/sdk/guides/agent-file-based at runtime and uses the fetched sections to populate and constrain the agent's prompts and generation rules, so the external content directly controls agent behavior.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).