golden-dataset

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's curation/annotation workflows explicitly fetch and ingest web content via a "FETCH AGENT (WebFetch or file read)" and functions like fetch_url and extract(url) (see references/annotation-patterns.md and rules/curation-add-workflow.md), meaning the agent reads public third‑party webpages and uses that content to drive inclusion/tagging/query-generation decisions — creating a clear vector for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The GitHub Actions workflow runs a remote install script via "curl -sSL https://install.python-poetry.org | python3 -" which fetches and executes remote code at runtime and is used to install a required dependency (Poetry) for the workflow, so it poses a high-risk runtime external dependency.