sourcebot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Required Workflow explicitly instructs the agent to call list_repos, run search_code with filterByRepoIds, and use get_file_source to fetch file contents from external public repositories (e.g., Effect-TS/effect, vercel/ai), meaning the agent reads untrusted third-party repo content that can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandates runtime fetching of external repository files via Sourcebot (e.g., github.com/Effect-TS/effect and github.com/vercel/ai) using list_repos/search_code/get_file_source, which will inject remote file contents into the agent context and thus can directly control prompts.