prowler-attack-paths-query
Warn
Audited by Snyk on Mar 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs fetching public third-party files (e.g., the pathfinding.cloud paths.json at https://raw.githubusercontent.com/DataDog/pathfinding.cloud/main/docs/paths.json in "Input Sources" and the Cartography schema from raw.githubusercontent.com in "Step 2: Determine Schema Source") and requires the agent to read and use those documents to design/produce openCypher queries, so external, public content can materially influence query generation and subsequent tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime fetching of remote content that directly shapes generated queries (agent instructions), for example the DataDog paths index fetched via https://raw.githubusercontent.com/DataDog/pathfinding.cloud/main/docs/paths.json (and the Cartography schema URLs like https://raw.githubusercontent.com/{org}/cartography/refs/tags/{version}/docs/root/modules/{provider}/schema.md) which are required to build/validate queries, so this is a runtime external dependency that can control agent behavior.
Issues (2)
W011 - MEDIUM - Third-party content exposure detected (indirect prompt injection risk).
W012 - MEDIUM - Unverifiable external dependency detected (runtime URL that controls agent).