flow-nexus-swarm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly defines "researcher" agents with a "web_search" capability and includes a "Research & Analysis Pattern" task to "Research machine learning trends..." which clearly requires fetching and interpreting open/public web content (e.g., arbitrary web pages/search results) that could influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs running "npx flow-nexus@latest mcp start" which fetches and executes remote code from the flow-nexus package (see https://github.com/ruvnet/flow-nexus / https://flow-nexus.ruv.io), so an external dependency is fetched at runtime and can execute code the agent relies on.