PrivateInvestigator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (e.g., Workflows/FindPerson.md Step 2 and the ReverseLookup.md and SocialMediaSearch.md workflows) explicitly instruct agents to fetch and scrape public third‑party sources such as TruePeopleSearch, LinkedIn/Facebook/Twitter/TikTok, county public record sites (e.g., publicrecords.netronline.com), and tools like Holehe/Sherlock/PimEyes, and to read and synthesize those results to drive follow‑up tool calls and decisions — exposing the agent to untrusted, user‑generated web content that can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill includes runtime install-and-run instructions (e.g., "pip install holehe" then "holehe target@example.com" in ReverseLookup and "pip install sherlock-project" then "sherlock [username]" in SocialMediaSearch), which fetch and execute remote code from package repositories (e.g., https://pypi.org/project/holehe and https://pypi.org/project/sherlock-project) during workflow execution, so these are runtime external dependencies that execute remote code.