allium-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Explorer workflow explicitly instructs the agent to fetch public documentation (curl -s https://docs.allium.so/llms.txt in references/explorer.md) and to run or rely on saved queries from app.allium.so, which are external, public resources that the agent must read and that can materially influence SQL/tool actions—creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup explicitly instructs running a remote installer that is piped to a shell — "curl -sSL http://agents.allium.so/cli/install.sh | sh" — which fetches and executes remote code at runtime and is required to install the CLI dependency.