Layer 2s

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The required runtime workflow uses curl -s https://ethskills.com/l2s/SKILL.md to fetch readable text from a public web page (outsider-authored content) that is then ingested into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The catalog's install.command and setup explicitly instruct fetching and loading remote content with "curl -s https://ethskills.com/l2s/SKILL.md" and tell the agent to "Read https://ethskills.com/l2s/SKILL.md", so runtime-loaded content from that URL would directly control agent prompts/behavior.