truefoundry-ssh-server

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The manifest explicitly warns that hosted-a2a agent card URLs are fetched at runtime and can influence agent behavior — e.g. the example agent_card_url "https://research-agent.example.com/.well-known/agent.json" — so this is a runtime external dependency capable of controlling prompts.