dial-your-context

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly connects to and queries the user's Sanity Agent Context MCP (e.g., "Connect to the user's Sanity Agent Context MCP" and "run the query via the MCP" in SKILL.md), ingesting user-generated dataset content via GROQ queries and using those results to craft / write the MCP Instructions and filters—so untrusted third-party content from the Sanity dataset is read and can materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly supports a Path B mode that calls the MCP endpoint URL (e.g. https://api.sanity.io/vX/agent-context/{project}/{dataset}/{slug}?instructions=&groqFilter=) at runtime and uses the instructions query parameter to inject the agent's "Custom instructions" content, so externally-supplied URL content can directly control prompts.