agent-output-parsing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md requires running the Configurator CLI and parsing its JSON output (e.g., .errors, .result) and even includes fetching the target saleor URL (curl -I $SALEOR_URL) as a troubleshooting step, which clearly ingests and acts on untrusted third-party responses that can change subsequent commands and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's runtime examples repeatedly invoke "pnpm dlx @saleor/configurator", which fetches and executes remote package code from the registry at runtime (i.e., remote-executed CLI), so this is a required external dependency that executes remote code.