agent-sdk-builder
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and analyze public web content (https://docs.openhands.dev/llms.txt) and to clone public GitHub repositories (github.com/OpenHands/software-agent-sdk and github.com/OpenHands/docs), so it will read and interpret untrusted third-party content from the open web.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent at runtime to fetch and clone external resources — https://docs.openhands.dev/llms.txt, https://github.com/OpenHands/software-agent-sdk/tree/main/examples/01_standalone_sdk, and https://github.com/OpenHands/docs/tree/main/sdk — and to use those files to understand the SDK and build/execute the implementation, meaning remote content can directly control prompts or supply executable code.