awiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and references show it reads and ingests untrusted, user-generated content — e.g., message inbox/history in references/03-messaging.md and tenant site pages via references/11-site-pages.md (and even installs from public GitHub/Gitee URLs in references/00-installation.md) — and the agent is expected to inspect that content and draft or drive follow-up actions (e.g., discovery drafting, messaging), which could allow indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The installation instructions call out fetching and installing remote skill code via npx (npx skills add https://github.com/AgentConnect/awiki-cli.git and the Gitee mirror https://gitee.com/agentconnect/awiki-cli.git), which will download and install/execute third‑party code into the agent environment and thus can directly affect agent behavior and prompts.