soultrace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md requires calling the public API at https://soultrace.co/api/agent and presenting the returned "question.text" values to the user as part of the adaptive test (Agent Interaction Protocol steps), so the agent ingests and acts on content from an open third‑party website that could contain malicious instructions enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill calls https://soultrace.co/api/agent at runtime to fetch the quiz questions that the agent must present (and accumulates answers), so this external endpoint directly controls the agent's prompts and is required for the skill to operate.