paragon-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation explicitly instructs the agent to call Paragon's ActionKit LIST ACTIONS endpoint (references/actionkit.md) and Managed Sync endpoints (references/managed-sync.md) to fetch LLM-readable action schemas and synced user data/files from third-party integrations (e.g., Google Drive, Salesforce), which the agent is expected to parse and use to select/execute tools—this clearly ingests untrusted, user-generated third-party content that can influence agent behavior and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime fetch of ActionKit actions from https://actionkit.useparagon.com/projects//actions?format=json_schema whose returned JSON schema is injected into LLM tool definitions and thus directly controls agent prompts/instructions, creating a required runtime dependency.