oss-alternatives

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly runs TinyFish agents to scrape live public data from GitHub, the awesome-selfhosted README, and Reddit (e.g., GitHub search pages, repo pages, and Reddit search results) and passes that untrusted, user-generated content to the agent for extraction and ranking, meaning external page content can directly influence decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs TinyFish agents at runtime that fetch and scrape live GitHub pages and READMEs (e.g. https://github.com/search?q=open+source+alternative+{TOOL_NAME} and https://github.com/{CANDIDATE_REPO}#readme), injecting that external content into the agent/LLM context to determine feature parity and health — a required runtime dependency that directly influences the agent's outputs.