prompt-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill calls the prompts.chat MCP server (search_prompts/get_prompt) to fetch and display user-submitted prompts from a public prompt library, so the agent ingests and interprets untrusted, third-party content from prompts.chat.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls remote prompts.chat MCP tools (e.g., search_prompts / get_prompt / improve_prompt against prompts.chat) at runtime to fetch prompt text that is injected into and directly controls the agent's prompts, so prompts.chat (https://prompts.chat) is a required external dependency that can control agent behavior.