docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill instructs the agent to fetch and summarize live TrueFoundry documentation pages (e.g., https://truefoundry.com/docs/..., via curl or WebFetch) and also references other remote sources (GitHub/NGC release pages, HuggingFace artifacts, remote OpenAPI specs, and agent_card_url endpoints) which the agent is required to read and which could materially influence deployments or tool behavior, exposing it to untrusted public web content that could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly allows fetching remote OpenAPI specs and hosted A2A agent cards at runtime (e.g. https://api.weather.example.com/openapi.json and https://research-agent.example.com/.well-known/agent.json), and the docs state these remote specs/agent_card URLs are fetched and converted into MCP tools or agent behavior that directly influence agent prompts/capabilities.