content-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required runtime instructions explicitly say "the user might paste the draft directly, share a file, or point to a URL" and mandate "read the full piece before doing anything else," which means the agent will fetch and interpret arbitrary user-provided/public URLs (untrusted third‑party content) as part of its evaluation workflow, and those pages can materially influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill requires runtime calls to Tiger Den (e.g., list_marketing_references() and get_marketing_context(slugs: [...])) which fetch external reference documents that directly drive the agent's prompts/rubrics and are required for operation, so the Tiger Den API endpoints are a high-confidence external dependency.