truefoundry-secrets

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly allows and documents fetching external OpenAPI specs and external agent_card_url/hosted-a2a-agent endpoints (see references/manifest-schema.md: "Remote specs are fetched at runtime..." and "agent_card_url and hosted-a2a-agent sources are fetched at runtime..."), which are untrusted third‑party URLs whose content is parsed and converted into MCP tools or agent behavior and therefore can materially influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly allows and documents runtime-fetching of remote agent cards and OpenAPI specs—e.g., the hosted A2A agent agent_card_url "https://research-agent.example.com/.well-known/agent.json" and the remote OpenAPI spec "https://api.weather.example.com/openapi.json"—which are fetched at runtime and can directly control agent behavior/tools, so they constitute a high-risk external dependency.