fragno-author

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the workflow to "always curl the full docs page" (see the "Docs lookup" section with curl commands to https://fragno.dev/...), which requires fetching and interpreting public third‑party webpages that can influence how the agent builds/changes fragments.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs fetching Fragno documentation at runtime via curl (e.g. https://fragno.dev/docs/fragno/for-library-authors/getting-started and related https://fragno.dev/* endpoints and the search API https://fragno.dev/api/search?query=defineRoutes), meaning external markdown content is fetched during runtime and used to directly guide implementation/instructions for the agent.