leetcode-coach

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly runs TinyFish agents to fetch pages from open sites (e.g., tinyfish agent run --url "https://leetcode.com/...", HackerRank and Codeforces URLs) and later calls tinyfish agent run --url "{CHOSEN_PROBLEM_URL}" to "Extract the complete problem description (exactly as written)", so untrusted public problem pages are ingested verbatim and can directly affect subsequent actions (file creation and inferred code signatures), enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill issues tinyfish agent runs that fetch external pages at runtime (e.g. https://leetcode.com/problemset/?difficulty={DIFFICULTY}&topicSlugs={TOPIC_SLUG} and the chosen problem URL {CHOSEN_PROBLEM_URL}) and explicitly extracts/verbatim-injects those page contents into the agent output, so the fetched remote content directly controls prompts and is required for the skill to work.