continuous-learning-v2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's CLI explicitly fetches and imports arbitrary HTTP(S) URLs (scripts/instinct-cli.py cmd_import uses urllib.request.urlopen to fetch a user-provided URL) and writes those imported "instinct" files into the inherited instincts directory which are then loaded and can influence clustering, evolution, and applied behaviors—so untrusted third-party content can be ingested and affect agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The import command in scripts/instinct-cli.py fetches arbitrary HTTP(S) URLs via urllib.request.urlopen (e.g. https://skill-creator.app or any provided URL) and writes their content into inherited instinct files which can directly modify the agent's behavior/instructions at runtime.