anygen-deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls the external AnyGen API (www.anygen.io) as part of its mandatory prepare/create workflow and explicitly instructs the agent to present and use the "reply" and "prompt" from the prepare response (suggested_task_params) when creating tasks, meaning untrusted third‑party content from AnyGen directly drives tool use and next actions (SKILL.md, Phases 2–3 and scripts/anygen.py prepare/create flows).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls AnyGen's runtime API (https://www.anygen.io) during execution (e.g., the /v1/openapi/tasks/prepare endpoint) and relies on the returned suggested_task_params.prompt/reply which the agent is instructed to present and use verbatim, so this external URL directly controls prompts at runtime.