venice-augment

Warn

Audited by Snyk on Apr 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly fetches and returns third-party web content via POST /augment/scrape (arbitrary URLs) and POST /augment/search (Brave/Google results with content) and instructs pipelines to feed those returned markdown/results into /chat/completions (e.g., “scrape → feed markdown into messages → summarize” and “/augment/search → parallel /augment/scrape → /chat/completions”), so untrusted public content is read and can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill exposes a runtime endpoint (https://api.venice.ai/api/v1/augment/scrape) that fetches arbitrary external URLs and returns markdown which the skill explicitly instructs to feed into model messages, meaning remote page content can directly control agent prompts.

Issues (2)

  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
  • MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 23, 2026, 08:02 PM
Issues: 2