prowler-attack-paths-query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to fetch and parse public third-party data (e.g., path definitions from https://raw.githubusercontent.com/DataDog/pathfinding.cloud/main/docs/paths.json and Cartography schema files via raw.githubusercontent.com based on api/pyproject.toml) and to use that content to build and scope openCypher queries, so untrusted external content can directly influence query construction and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime fetching of remote content (e.g., curl https://raw.githubusercontent.com/DataDog/pathfinding.cloud/main/docs/paths.json and the versioned Cartography schema at https://raw.githubusercontent.com/{org}/cartography/refs/tags/{version}/docs/root/modules/{provider}/schema.md), and those fetched JSON/markdown files are used to populate attack-path definitions and query content at runtime, thereby directly controlling the agent's prompts/behavior.