rstack-distribute

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests the public resolved.sh page via curl (https://$RESOLVED_SH_SUBDOMAIN.resolved.sh?format=json) and then reuses fields like md_content and agent_card_json to generate SKILL.md and other listing artifacts, so untrusted, user-provided page content could indirectly inject instructions that influence generated outputs and agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs a runtime curl against https://$RESOLVED_SH_SUBDOMAIN.resolved.sh?format=json and then injects fields (including md_content/description/agent_card_json) from that fetched JSON into generated listing artifacts, so the external resolved.sh content can directly influence the agent's outputs and is a required dependency.