sourcing-selection

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs the agent to route to and synthesize evidence from public platforms (e.g., skills/20-research/1688-research, amazon-research, google-trends-research, tiktok-research) so the agent will fetch and interpret untrusted, user-generated third‑party content (marketplace listings, social posts, trends) that can directly influence sourcing decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runtime calls the PostPlus hosted capability endpoints (e.g. ${config.apiBaseUrl}/api/postplus-cli/hosted/capability and ${auth.apiBaseUrl}/api/postplus-cli/auth/refresh) and uses the API's returned output directly as skill output/behavior (and throws if the hosted bridge is unavailable), so remote responses can control the agent's instructions at runtime.