bisimulation-game

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Firecrawl Integration" task and the listed "sources" (e.g., https://github.com/topics/ai-agent-skills and other public web domains) plus numerous public gists under "Starred Gists" explicitly instruct the agent to discover, fetch and convert web-hosted, user-generated skills into .ruler/skills/, so it will ingest untrusted third-party content as part of its workflow and is exposed to indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The Firecrawl "skill-discovery" MCP task in the skill uses external sources (e.g. https://github.com/topics/ai-agent-skills, https://modelcontextprotocol.io/, https://agentclientprotocol.com/) as runtime "sources" to discover and write skill YAMLs into .ruler/skills/, which means fetched remote content can directly alter agent instructions/behaviour and potentially introduce executable skill code.