coordination

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires running the /osint skill during Phase 2 (SKILL.md: "always run /osint skill in parallel for repository and code exposure analysis") and the PATT integration requires a patt-fetcher agent to pull payload lists from a public raw GitHub URL (patt-url: https://raw.githubusercontent.com/... in PATT_STANDARD.md), which are untrusted, user-curated third‑party sources whose content the agents ingest and use to drive testing payloads and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires running the "patt-fetcher" agent at runtime to fetch PATT payload content from raw GitHub (https://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/), and those fetched payloads would directly control test payloads/prompts used by executors, so this is a high-confidence runtime external dependency.