points-valuations
Warn
Audited by Snyk on May 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to "re-fetch from the source URLs in _meta.sources" (public websites), to use the transfer-bonuses skill, which pulls live data from Frequent Miler/AwardWallet, and to check portal rates, so the agent ingests untrusted public web content that can materially influence valuation and action decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent, at runtime, to re-fetch data from the external "source URLs" listed in _meta.sources in order to update data/points-valuations.json, so those external URLs are fetched during runtime and directly alter the agent's decision-making context.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).