qcsd-ideation-swarm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's URL-Based Analysis Mode explicitly fetches live web content via scripts/fetch-content.js / Playwright/WebFetch in "PHASE URL-1" and then injects that fetched ${content} and ${URL} directly into mandatory agent prompts (e.g., Phase URL-3 and conditional agent Task() calls), exposing the agent to untrusted third-party webpages that can influence actions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill fetches a user-supplied target URL at runtime (via commands like npx aqe fetch-content "${URL}" or node ./scripts/fetch-content.js "${URL}") and then injects the retrieved page content into agent prompts (e.g., ${content} inside Task prompts), so remote content from the flagged URL (${URL}) directly controls agent instructions and is a required runtime dependency.