bridle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly supports installing components from GitHub (e.g., "bridle install owner/repo" / "Install from GitHub"), so the tool fetches and ingests untrusted, user-generated repository content that it parses/installs and which can materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill exposes a runtime installer "bridle install owner/repo" (and examples like https://github.com/neiii/bridle) that fetches arbitrary GitHub repositories and installs/executes their components (skills/agents/commands/MCPs), which can directly supply prompts or executable code controlling agent behavior.