awaken

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read public GitHub repositories and issue comments (e.g., Step 2: "/learn https://github.com/Soul-Brews-Studio/opensource-nat-brain-oracle" and gh issue view commands) and to run /trace --deep which searches repo files, Git history, and GitHub issues (Step 3), and those findings are required to shape the Oracle's identity and subsequent actions (CLAUDE.md, philosophy, announcements), so untrusted third-party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs runtime fetch-and-execute commands (curl -fsSL https://bun.sh/install | bash) and instructs the agent to /learn and /trace GitHub repositories such as https://github.com/Soul-Brews-Studio/opensource-nat-brain-oracle which are fetched at runtime and used to drive the agent's prompts/behavior, so these external URLs are required and can directly execute code or control prompts.