golden-dataset-curation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's multi-agent pipeline explicitly fetches arbitrary INPUT: URL/Content using a FETCH AGENT (WebFetch / fetch_url(url) shown in the pipeline and Langfuse trace) and then has multiple agents (quality_evaluator, difficulty_classifier, domain_tagger, query_generator) that read and evaluate that fetched public content (e.g., arxiv.org, github.com, docs.* examples), so it clearly ingests untrusted third-party web content that could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls fetch_url(url) / uses the user-provided "source_url" at runtime (e.g., any external URL such as arxiv.org or github.com) and injects the fetched content into agent prompts (content_preview), meaning arbitrary external content can directly control prompts—this is a runtime dependency that can enable prompt-injection risks.