truefoundry-integrations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports fetching external OpenAPI specs and hosted A2A agent cards at runtime (see references/manifest-schema.md: "Remote specs are fetched at runtime and converted into MCP tools" and "agent_card_url and hosted-a2a-agent sources are fetched at runtime and can influence agent behavior"), which means untrusted third‑party URLs can be ingested and can directly alter tool capabilities and agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly accepts runtime-fetched external agent/ OpenAPI URLs (e.g., agent_card_url "https://research-agent.example.com/.well-known/agent.json" and remote OpenAPI spec "https://api.weather.example.com/openapi.json"), and the content at those URLs is fetched at runtime and converted into agent behavior/tools (directly influencing prompts/instructions), so they represent a high-risk runtime external dependency.