compare-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's job patterns and workflow explicitly instruct calling arbitrary external agent endpoints and importing/running external agents (see resources/job-patterns.md examples like fetch("<CREW_ENDPOINT>") and the Vercel HTTP POST to "<VERCEL_AGENT_ENDPOINT>"), so the agent ingests untrusted third‑party responses which are then interpreted and used to drive scoring and experiment decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The evaluator scorer calls the orq API at runtime (default ORQ_BASE_URL https://api.orq.ai) via orq.evals.invoke with a remote evaluator ID, so the skill depends on externally-stored evaluator content that directly controls the evaluation prompt/instructions.