customer-persona

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Step 1: Research explicitly instructs running infsh apps like tavily/search-assistant and exa/search/exa/answer to fetch and ingest public web/search results (open websites, forums, social media, etc.) which the agent is expected to read and use to build personas, so untrusted third‑party content can directly influence decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime commands (infsh app run tavily/search-assistant, infsh app run falai/flux-dev-lora, etc.) fetch and execute external apps from inference.sh (https://inference.sh), so it relies on and runs remote code that directly controls prompts/execution.