crypto-protocol-diagram

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly calls out WebFetch and in Step S1 of SKILL.md instructs "URL provided → fetch with WebFetch" to ingest specification text from arbitrary URLs, so untrusted public web content would be read and used to drive the agent's extraction and follow-up diagramming actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's Spec Workflow (S1) explicitly fetches user-provided URLs via the WebFetch tool at runtime and injects the fetched spec text into the agent's processing context (i.e., any user-supplied http(s) URL fetched with WebFetch can directly control the agent's prompts/behavior) — flagged: user-supplied URL fetched by WebFetch (no fixed URL present in the skill).