rw-fetch-api-reference

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires fetching and using the live API docs at https://docs.dev.runwayml.com/api/ as the authoritative source before integrations, meaning the agent will read and act on external public website content that can alter endpoints/parameters and thus influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires fetching and using the live API docs at https://docs.dev.runwayml.com/api/ during runtime as the authoritative source to drive integration guidance, meaning the fetched content directly controls the agent's prompts/instructions.