cdrf-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow (step 3 "Navigate cdrf.co with version-first discipline") explicitly instructs the agent to open and extract class/MRO/method details from the public cdrf.co site, meaning the agent will fetch and interpret untrusted third-party web content that can influence its decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent at runtime to navigate and fetch pages from https://www.cdrf.co (e.g., https://www.cdrf.co/3.16/) and to extract class/method content that will directly control the agent's prompts and responses, making this an external runtime dependency.