last30days-surf

Warn

Audited by Snyk on May 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated public content (Reddit, X/Twitter, YouTube, TikTok, Instagram, Threads, Hacker News, Polymarket and "the open web") via the engine fan-out (see SKILL.md "How the engine fans out" and Step 0.75). It then instructs the agent/LLM judges to read and rerank that untrusted evidence (see the "EVIDENCE FOR SYNTHESIS" envelope and references/rerank.md with the <untrusted_content> fence). Third-party content is therefore read by the model and can directly influence planning, reranking, and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill routes its planner and rerank/"LLM-judge" calls at runtime through Surf's inference API (POST https://surf.cascade.fyi/api/v2/inference/v1/chat/completions). The returned text is used to drive the agent's planning, ranking, and synthesis, i.e., remote content directly controls agent instructions. The pipeline is designed to rely on Surf for the non-degraded/full workflow.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 5, 2026, 10:38 AM
  • Issues: 2