defuddle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs the agent to fetch and read arbitrary public URLs via the defuddle.md service (e.g., "Any URL the user asks you to read — articles, blog posts, docs, tweets, forum threads" and the curl usage), which exposes the agent to untrusted, user-generated third-party content that it will interpret and act on.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly calls the external service via curl (defuddle.md/) at runtime to fetch arbitrary webpage content that is injected into the agent's context and can therefore control prompts/instructions, so defuddle.md is a required runtime dependency that poses risk.