lyft-engineer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md installation and Platform Support explicitly instruct the agent to "Read https://raw.githubusercontent.com/..." (a public raw GitHub URL) and apply that content to the agent's config, meaning the agent is expected to fetch and ingest untrusted third‑party webpage content that can alter its system prompt/behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs agents to "Read https://raw.githubusercontent.com/lucaswhch/awesome-skills/main/skills/enterprise/lyft/lyft-engineer/SKILL.md and apply lyft-engineer skill," which directs the runtime fetch of remote content that would directly control agent prompts/instructions.