use-sapiom

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly exposes the agent to open/public web content — e.g., sapiom_fetch, sapiom_scrape, sapiom_crawl in references/scraping.md and sapiom_search/sapiom_deep_search in references/search.md — and SKILL.md recipes (like "Research a Topic": sapiom_search → sapiom_fetch → sapiom_chat) require the agent to read and act on that untrusted third‑party content, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses the Sapiom compute gateway at runtime (https://compute.services.sapiom.ai) — e.g., sapiom_run and sapiom_sandbox_exec — which execute arbitrary code you send, and the skill depends on that external endpoint to run/execute remote code.