service-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow instructs the agent to fetch and interpret live service endpoints (Layer 2 health checks and Layer 3 endpoint smoke tests, including parsing /openapi.json from the tested host), which are untrusted third-party responses that can materially influence follow-up checks and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly documents runtime-fetching of external agent/MCP specs (e.g., agent_card_url "https://research-agent.example.com/.well-known/agent.json" and remote OpenAPI spec "https://api.weather.example.com/openapi.json"), which are fetched at runtime and converted into agent/tool behavior, so remote content can directly control prompts or capabilities.