requesthunt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to scrape and search public user-generated content from Reddit, X, GitHub, YouTube, and LinkedIn (e.g., the "Collect Data" / requesthunt scrape and search commands in SKILL.md), so the agent will ingest untrusted third-party content that can influence its analysis and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires running a remote installer with "curl -fsSL https://requesthunt.com/cli | sh", which fetches and executes remote code at runtime and is presented as a required dependency for the skill.