garrytan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to run web searches and "read the top 2-3 results" in Phase 2.75 (Landscape Awareness) and to run Codex with --enable web_search_cached in Phase 3.5 (and also offers opening an external URL in the preamble), so it clearly ingests public third‑party web content that can influence decisions in the workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's SETUP step runs "curl -fsSL https://bun.sh/install | BUN_VERSION=1.3.10 bash" at runtime if bun is missing, which fetches and executes remote code from https://bun.sh and is relied on to build the browse tooling.