summarize-agent

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill clearly fetches arbitrary public content (see summarize-agent.py: extract_web_content uses web_fetch/curl for any URL, extract_youtube_transcript uses yt-dlp for YouTube, and extract_x_post scrapes Nitter), and it passes the raw, untrusted user-generated content into the sub-agent prompt (summarize_with_agent), so third-party content can directly influence the model's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill calls curl at runtime to fetch arbitrary input URLs (see extract_web_content's curl -sL "{url}", e.g., https://exemplo.com) and then injects that fetched content directly into the prompt sent to the sub-agent, allowing remote content to control agent behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 07:35 AM