truefoundry-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's references (references/manifest-schema.md: "Agent Source" and "MCP Server (OpenAPI)" sections) explicitly state that agent_card_url/hosted-a2a-agent sources and remote OpenAPI specs are fetched at runtime and converted into MCP tools that influence agent behavior, meaning the agent will ingest untrusted third‑party content that can change its capabilities.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly documents runtime fetching of external agent cards and OpenAPI specs (e.g., the hosted A2A example agent_card_url "https://research-agent.example.com/.well-known/agent.json" and the remote OpenAPI spec "https://api.weather.example.com/openapi.json"), which are fetched at runtime and can directly control agent behavior or convert into MCP tools, meeting the criteria for a runtime external dependency that controls prompts/capabilities.