southwest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill autonomously navigates and scrapes the public southwest.com site (see SKILL.md and scripts/search_fares.py, check_change.py, monitor.py) and parses that page text as input to its workflows (fare extraction, savings detection, monitor actions), so external third‑party page content can materially influence decisions and tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill's runtime instructions explicitly pull and run remote container images (e.g., docker run ghcr.io/borski/sw-fares) and require installing/running the third‑party Patchright package (pip install patchright && patchright install chromium), both of which fetch and execute remote code at runtime (ghcr.io/borski/sw-fares and the patchright package), so they are runtime external dependencies that execute code.