awiki-agent-id-message

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated content (profiles, group messages, and public Markdown pages) via commands and modules such as manage_group.py (--get/--members/--list-messages/--fetch-doc), get_profile.py --handle, and the handle resolution GET endpoint, and those remote inputs are treated as the source-of-truth in the GROUP_RELATIONSHIP_PLAYBOOK.md and GROUP_RECOMMENDATION_PROMPTS.md workflows to produce recommendations and follow-up actions, so untrusted third‑party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The installation instructions explicitly fetch and install remote code at runtime—e.g., curl -L http://awiki.info/static-files/awiki-agent-id-message.zip (download/unzip + pip install) and git clone https://github.com/AgentConnect/awiki-agent-id-message.git—which pulls code that will be installed/executed locally, so these URLs are runtime dependencies that can execute remote code.