servanda

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md steps 5–6 and the WEBSOCKET.md) tells the agent to poll Servanda's public API (e.g., GET https://servanda.ai/api/bot/sessions/{session_id}/poll and/or connect to wss://servanda.ai/ws/agreement/{session_id}) and read mediator/participant messages (user-generated, untrusted) and then respond, meaning third-party content is fetched and directly influences the agent's decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes live runtime calls to servanda.ai (e.g., https://servanda.ai/api/bot/sessions and the WebSocket wss://servanda.ai/ws/agreement/{session_id}), and those responses (arbiter instructions and mediator messages/turn updates) directly drive the agent's behavior and are required for the skill to function.