far-general

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Outsider-authored free text can enter the LLM context via the user’s own message content (the runtime request text is included in the agent prompt), and the skill’s workflow explicitly processes arbitrary user requests in both Sales/Developer modes.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's "Retrieval-first" rule explicitly instructs the agent to fetch https://docs.banuba.com/far-sdk/llms-full.txt at runtime when local docs are missing, which would be fetched and injected into the agent's context and thus directly influence prompts/responses.