dev-scan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and vendor scripts show the skill crawls and enriches public, user-generated content from Reddit, X/Twitter, Hacker News, Dev.to, Lobsters, Threads and ProductHunt (see "Data Sources" in SKILL.md and vendor/chromux-search/web-search.mjs and vendor/hn-search/hn-search.py), then explicitly reads and synthesizes those posts/comments in Step 2/Step 3 to produce recommendations, so untrusted third‑party content can directly influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The web-search.mjs runtime opens Google search URLs (https://www.google.com/search?q=...) and then visits and enriches arbitrary result pages (e.g. https://reddit.com/..., https://x.com/..., https://dev.to/..., https://lobste.rs/..., https://threads.net/...) and injects that fetched page content into the agent's output/context, meaning remote pages fetched at runtime directly control the model's prompts and results.