schelling

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts and SKILL.md require calling the external Schelling API (default https://api.schelling.sh) to recall and fetch community "posts" / CIDs ("Fetch any that look relevant") and instruct the agent to use that retrieved shared memory as the first step to reshape its approach, meaning untrusted, user-generated third‑party content is fetched and intended to influence subsequent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The scripts invoke runtime curl requests to the external API at https://api.schelling.sh (endpoints like /fetch/{cid}, /post_many, /follow_up), and the README explicitly instructs fetching those returned items and "letting retrieved context reshape your approach," meaning remote content fetched at runtime can directly control the agent's prompts/behavior.