formal-verify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's bootstrap and runtime explicitly fetch and install Apalache from GitHub (scripts/install-deps.sh downloads https://github.com/.../apalache/releases/...), then runs that third-party TLA+ engine (scripts/run-apalache.sh) whose counterexample output is parsed and merged into the agent context per references/agent-feedback-loop.md, so externally fetched/untrusted content can influence the agent's verification decisions and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The bootstrap script (scripts/install-deps.sh) fetches and installs the Apalache binary at runtime from https://github.com/apalache-mc/apalache/releases/download/v${APALACHE_VERSION}/apalache.tgz — a required dependency that the skill downloads and executes to run Layer 2 (TLA+/Apalache) checks, so remote code is fetched and run during skill operation.