loading-assets
Warn
Audited by Snyk on Apr 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's Loader (this.load) explicitly fetches arbitrary external URLs (e.g., absolute URLs like https://other-server.com/cloud.png, pack manifests via this.load.pack('pack1','assets/pack.json') shown in SKILL.md). It also supports loading and processing JSON, HTML, script, and pack files (references/REFERENCE.md lists this.load.json, this.load.script, this.load.html, etc.), including examples where a downloaded JSON drives further loads via filecomplete events. Untrusted third-party content can therefore be read and then directly influence what the agent loads or executes.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata