flight-search-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to run and aggregate results from open/public third-party sources (e.g., "Run ALL of these in parallel: Duffel + Ignav + Google Flights + Skiplagged + Kiwi" in "The Standard Flight Search Workflow" and the "Market Selection Strategy" that uses google‑flights via the &gl=XX URL), so the agent will fetch and interpret untrusted public web content which can materially influence search/booking decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running a pre-built Docker image that is pulled and executed at runtime (ghcr.io/borski/sw-fares), which fetches and runs remote code as a required part of the Southwest skill.