graphify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly supports fetching arbitrary web pages via the "graphify add " command (see Usage and Tips), which saves third-party content into ./raw and is then processed by the pipeline's LLM extractors and persisted in graphify-out/graph.json — meaning untrusted, user-provided web content can be ingested and materially influence subsequent queries and agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime installation step includes a pip install of the package "graphifyy" (e.g., pip install graphifyy — https://pypi.org/project/graphifyy), which fetches and executes remote Python code required for the pipeline and that code drives LLM extraction and prompts, so this is a runtime external dependency that can control prompts/execute code.