rising

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill issues a WebFetch to https://vibeindex.ai/api/rising-stars and directly extracts and displays names and descriptions (user-generated GitHub/resource metadata) from that public API, so the agent will read and format untrusted third-party content that could carry indirect prompt-injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill performs a runtime WebFetch to https://vibeindex.ai/api/rising-stars?ref=skill-rising&period={period}&limit=10 and instructs the agent to extract fields from the returned "rising" array, so external content fetched at runtime directly controls the agent's prompts/output and is a required dependency.