adding-resource

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md's ov add-resource explicitly imports web pages, URLs, and remote repositories (e.g., "ov add-resource https://example.com/guide" and "supporting ... URLs and remote repositories"), which are untrusted public third‑party content that the agent semantically ingests into its knowledge base and can influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime fetch-and-import of external content (e.g., https://raw.githubusercontent.com/volcengine/OpenViking/main/README.md), which would be injected into the agent's context and can directly control prompts or supply executable instructions.