tapestry

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and extracts content from arbitrary URLs (see "Step 2: Extract Content" and the code using curl/trafilatura/reader and the PDF download in SKILL.md), then automatically uses that untrusted user-provided web or PDF content to create action plans—allowing third-party page content to influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill downloads and extracts the user-supplied URL at runtime (the $URL argument, e.g. any http(s)://.../resource or .pdf) and then injects that fetched article/PDF content into the workflow to generate the action-plan prompts, so remote content directly controls the agent's instructions.