Research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory workflows (e.g., Workflows/ExtractAlpha.md, Workflows/ExtractKnowledge.md, Workflows/YoutubeExtraction.md, Workflows/Retrieve.md and WebScraping.md) explicitly instruct the agent to fetch and scrape public third‑party content (fabric -y for YouTube, WebFetch/WebSearch, BrightData mcp__brightdata__scrape_as_markdown, and Apify actors) and then read/analyze that content as part of its workflow, which exposes the agent to untrusted user-generated web content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs cloning the Fabric repository at runtime ("git clone https://github.com/fabric-project/fabric.git") and then loads pattern files from that repo which directly define agent prompts/behaviour, so fetching that remote git URL would supply code/prompt templates that control agents at runtime.