truefoundry-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Fetching Docs" step explicitly tells the agent to curl/WebFetch public TrueFoundry docs (e.g., https://truefoundry.com/docs/deploy-first-service) and the success criteria require fetching and summarizing those pages, so the agent will ingest and act on third-party web content at runtime which can influence subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly allows fetching remote OpenAPI specs at runtime (e.g., "https://api.weather.example.com/openapi.json"), which the docs state are fetched and converted into MCP tools that directly control agent capabilities (and the skill also shows runtime-fetching examples like agent_card_url and curl/pip install commands that execute remote content), so this is a runtime external dependency that can alter prompts or execute code.