alva

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and reason over open/public third‑party content (see "Content Search" / unified_search and feed_widgets for Twitter/X, Reddit, YouTube, news and general web) and the ADK examples show the agent calling getNews/searchNews tools whose results feed into LLM-driven decision loops, so untrusted user-generated web/social content is read and can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires fetching a published blueprint at runtime via the Skillhub (e.g. using the command "alva skillhub file / template.md") and treats that fetched file as authoritative guidance for the agent's plan and behavior, which means remote content loaded at runtime can directly control agent instructions.