ask-next

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to POST queries to the public Next.js RAG API at https://next-docs-agentic-rag.labs.vercel.dev/api/rag and to "read the returned documentation carefully," so it ingests and acts on externally fetched public documentation that could contain instructional content from third-party sources.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill issues a runtime curl POST to https://next-docs-agentic-rag.labs.vercel.dev/api/rag and instructs the agent to read and use the returned documentation to generate responses, so the fetched content is injected into the agent's context and directly controls its prompts.