signify-ts

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's client API and workflows (references/client-api.md and SKILL.md) include .oobis().resolve(url, alias) and signedFetch(url, ...), which fetch and resolve arbitrary OOBI/external URLs provided at runtime and parse them to create contacts or drive requests. Untrusted third-party content is therefore ingested and can influence the agent's subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's ready() explicitly loads the blake3 WebAssembly from the CDN (https://cdn.jsdelivr.net/npm/blake3@2.1.7). It is fetched at runtime and executes remote code that the library depends on.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 04:47 PM