Asta Library
Warn
Audited by Snyk on May 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to parse asta:// URLs, URL-decode and curl-download remote index.yaml files (e.g., "Working with Remote Indexes (asta:// URLs)" examples) and to fetch document content over http(s)/s3/gs, meaning it ingests untrusted, user-controlled public web/storage content that the agent will read and act on.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime installation commands that fetch and install remote code (e.g., uv tool install git+https://github.com/allenai/asta-plugins.git@v$PLUGIN_VERSION and uv tool install git+https://github.com/allenai/asta-resource-repo.git), which retrieve and execute remote code as a required dependency (the asta CLI).
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata