slowmist-agent-security-framework

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires fetching and analyzing public third‑party content—e.g., "When user provides a repository URL" (Pattern 2 includes a curl to api.github.com), "When user shares an external URL or document" (Pattern 3), and external AML API calls (Pattern 4)—so the agent ingests untrusted web/user-generated content that can materially influence its decisions.