generate-ors-env

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The rollout and server workflow explicitly fetches tasks and prompt blocks from an external ORS server via EnvironmentsAPI (e.g., env = api.get(...); tasks = env.list_tasks("train"); prompt = session.get_prompt()), which means the agent ingests untrusted third-party task/prompt content served from HF Spaces/OpenReward.ai or other public endpoints that can materially alter tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime rollout uses EnvironmentsAPI(base_url=URL) to call the deployed ORS server (e.g., the HF Space base URL like https:///-ors.hf.space) which GETs //prompt and streams /sessions, meaning remote content at that URL directly supplies prompts and controls agent behavior.