add-atomic-chat-tool

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill registers MCP tools that call the Atomic Chat API (e.g., http://host.docker.internal:1337 or a custom ATOMIC_CHAT_HOST) and instruct the agent to use atomic_chat_list_models and atomic_chat_generate to fetch model outputs (models downloaded from the Atomic Chat Hub or a custom host) which the agent will read and act on, so untrusted third-party model responses can indirectly inject instructions into the agent's workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill performs runtime HTTP requests to the local Atomic Chat API (e.g., http://host.docker.internal:1337/v1/chat/completions and /v1/models) and directly uses the returned model outputs as tool responses that influence agent behavior, with Atomic Chat required for the skill to function.