telnyx-ai-inference-ruby

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly documents the "Embed URL content" endpoint (POST /ai/embeddings/url) which crawls and loads content from a specified arbitrary URL (and linked child pages) into storage for embedding/search, meaning untrusted public web content can be ingested and subsequently influence model/tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). I flagged the user-supplied URL passed to the POST /ai/embeddings/url endpoint because at runtime the skill will crawl and fetch arbitrary external website content (the "url" parameter) and load it into embeddings/storage, which can be injected into model context and thus directly influence agent prompts/responses.