chat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly queries the external keri.host chat API via the ask_keri_chat tool (and a curl fallback to https://chat.keri.host/api/chat) and its personas/guidelines require consulting those API responses before making spec claims, so third‑party content from that public endpoint can directly influence the agent's decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the external chat API at https://chat.keri.host/api/chat at runtime to retrieve answers and citations that directly determine the agent's responses, and the skill relies on that service for spec-grounded replies.