truefoundry-prompts

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly allows runtime fetching of external agent cards and OpenAPI specs which can change agent behavior (e.g., "agent_card_url": "https://research-agent.example.com/.well-known/agent.json" and "spec: { type: remote, url: "https://api.weather.example.com/openapi.json\" }"), so these remote URLs are runtime dependencies that can directly control agent prompts/tools.