portlang

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes explicit, runtime flows that fetch and ingest arbitrary public web content (e.g., the http_get shell tool in reference/custom_tools.md and the "API Integration" recipe in reference/field_recipes.md which calls https://jsonplaceholder.typicode.com/users, plus HTTP MCP server examples), and the agent is expected to read and act on that fetched content as part of its workflow, creating a clear path for untrusted third-party content to influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill config includes an MCP stdio tool that spawns npx at runtime to install/run @modelcontextprotocol/server-filesystem (i.e., fetching and executing third‑party code from npm at runtime) which exposes tool definitions and can therefore control agent actions — see the MCP registry link: https://github.com/modelcontextprotocol/servers.