add-karpathy-llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to ingest arbitrary external sources (Step 3 asking about URLs/PDFs and Step 4 "URL handling note" recommending using curl, fetch, or agent-browser to download and extract full web pages), meaning the agent will fetch and interpret untrusted third‑party web content that can influence its tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to download arbitrary external documents at runtime using commands like curl -sLo sources/filename.pdf "", and those fetched files are then ingested and used to drive the agent's prompts/behavior, meaning external URLs can directly control agent instructions.