virtual-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs hosting campaign URLs and loading the Zoom SDK in web pages/WebViews (web/SKILL.md, android/SKILL.md, ios/SKILL.md) and describes knowledge-base sync from external systems, meaning the agent will ingest and act on third‑party page content and emitted events/commands (e.g., support_handoff, openURL) that can drive native actions and routing.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly loads the remote SDK script at runtime (e.g., https://us01ccistatic.zoom.us/us01cci/web-sdk/zcc-sdk.js), which is a required dependency that executes remote code and controls the Virtual Agent behavior/prompts in-page.