prompt-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests files from public URLs (e.g., curl downloads of checksums.json, prompt-agent.skill and skill.json from https://clawsec.prompt.security/releases and GitHub/api.github.com as shown in SKILL.md and HEARTBEAT.md), and those remote skill.json/artifact files are parsed/installed and used to drive updates and runtime behavior, so untrusted third‑party content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly downloads and installs runtime-controlled content (checksums.json, prompt/skill files and artifacts) from URLs such as https://clawsec.prompt.security/releases/download/$VERSION_TAG (and fallback GitHub release URLs like https://github.com/prompt-security/clawsec/releases/download/$LATEST_TAG/SKILL.md), and those fetched files directly determine the agent's prompts/behavior and are required for installation, so this is a high-confidence external-control dependency.