deep-risk-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to "fetch it using WebFetch" when a URL is provided (Step 1: Read the Contract), meaning the agent will ingest arbitrary public URLs/third‑party contract documents and parse them as part of its workflow, which could carry untrusted, user-generated content that influences subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches any user-supplied URL via WebFetch at runtime (the URL provided to the "/legal risks " trigger) and injects that fetched contract text into the model context, so such external URLs can directly control the agent's prompts.