integrations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's references (references/manifest-schema.md and references/container-versions.md) explicitly state that remote OpenAPI specs (spec.url), agent_card_url/hosted-a2a-agent sources, and external artifact pages (e.g., HuggingFace/GitHub release pages) are fetched at runtime and "converted into MCP tools" or "can influence agent behavior," which means the agent can read and act on untrusted third‑party content supplied via arbitrary URLs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly documents runtime-fetching of external agent/card and OpenAPI spec URLs (e.g., https://research-agent.example.com/.well-known/agent.json and https://api.weather.example.com/openapi.json), which are fetched at runtime and can be converted into agent tools/agent behaviour (thus directly controlling prompts/instructions).