dep-security
Warn
Audited by Snyk on Apr 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). SKILL.md Step 3 explicitly instructs TinyFish agents to scrape live public pages (https://cve.mitre.org, https://github.com/advisories, https://www.npmjs.com/advisories) and parse their visible listings as input that directly drives vulnerability detection and fix recommendations, thereby exposing the agent to untrusted third‑party content that could carry adversarial instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill launches TinyFish agents at runtime that fetch and inject live pages from CVE/MITRE (https://cve.mitre.org/cgi-bin/cvekey.cgi?...), GitHub Advisories (https://github.com/advisories?query=ecosystem%3Anpm&order=newest), and npm advisories (https://www.npmjs.com/advisories) (with a fallback to https://nvd.nist.gov/...), and those fetched pages are required runtime inputs that are scraped into the model context (i.e., injected into the agent's working prompt), so a malicious or manipulated page could directly influence agent outputs.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).