tutor-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's URL mode (Phase W1: "진입 URL 가져오기") uses WebFetch to fetch and sequentially collect the full text and internal pages of arbitrary http(s) entry URLs (and document mode also accepts "web" sources), so the agent reads and acts on untrusted public web content as part of its required workflow, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's URL mode explicitly uses WebFetch at runtime to fetch the user-provided http(s) entry URL (i.e., any http:// or https:// URL passed to WebFetch in Phase W1), and that fetched page content is injected into the agent's processing/context to drive note-generation, so remote content can directly influence prompts.