outside-in-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly includes steps that fetch and inspect public web/GitHub content (e.g., "Framework Freshness Check" that queries GitHub releases, shadow-integration examples that git clone public repos, and web actions like navigate/url in YAML scenarios) so the agent is expected to read untrusted, user-hosted pages which can influence test behavior and follow-up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runnable test steps that fetch and execute remote code at runtime (for example the real-world test runs uvx --from git+https://github.com/rysweet/amplihack which pulls and executes external code), so the URL git+https://github.com/rysweet/amplihack is used to fetch/execute required runtime code.