rust-dependency-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to WebFetch the public crates.io API (https://crates.io/api/v1/crates/{crate_name}), perform WebSearch queries, and even fallback to scraping public crates.io pages (Firecrawl curl to https://crates.io/crates/{crate_name}), and requires interpreting that third‑party content to decide upgrades or whether to ignore vulnerabilities—so untrusted external content can directly influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime WebFetch from https://crates.io/api/v1/crates/{crate_name} (with a fallback that POSTs to http://172.25.236.1:3002/v1/scrape and pipes the returned .data.markdown into prompts), so fetched remote content is injected into the agent's prompts and thus directly controls agent instructions.