case-study-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 1 "Transcript" via google_drive_fetch) and Step 3 ("Read the full transcript carefully" to extract quotes, architecture, and metrics) show the agent will fetch and ingest arbitrary user-provided Google Doc content (untrusted third‑party content) and use it to drive decisions and outputs, so it exposes the agent to indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches a required transcript at runtime via Google Doc URLs (e.g., https://docs.google.com) using google_drive_fetch, and that fetched content directly controls the agent's generated prompts/instructions, so this is a high-confidence runtime dependency.