ai-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly defines and instructs use of web-facing tools like "search_web", URL reader, and "web search" (see the Tool / Function Calling, Common Tools, and Research Agent sections), which requires fetching and interpreting open/public third‑party web content that can materially influence agent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt provides unrestricted file read/write and shell-command tools (e.g., write_file, shell commands) and examples of executing them with minimal enforced safeguards, which would allow an agent to modify system files or perform privileged actions that can compromise the host.