write-spec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to fetch and use the public Pantagruel language reference from https://raw.githubusercontent.com/subsetpark/pantagruel/refs/heads/master/REFERENCE.md via WebFetch, which is an open/public third‑party resource the agent will read and interpret as part of its operation and that could therefore inject instructions affecting behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs on first invocation to WebFetch https://raw.githubusercontent.com/subsetpark/pantagruel/refs/heads/master/REFERENCE.md and to use that fetched document as the authoritative language reference during runtime, meaning remote content is fetched at runtime and directly controls the agent's output/instructions which the skill depends on.