mrdang

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs web searches via scripts/search.py using Jina (s.jina.ai) to fetch untrusted public webpage content (titles, URLs, and page "content") as described in SKILL.md Step Three and AGENTS.md, and those search results are summarized (extract_search_content) and used to inform the scoring/decision workflow, so third-party page content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's scripts perform runtime requests to the Jina Search endpoint (e.g. https://s.jina.ai/{query}) and directly inject the returned "content" into the agent's report/context (scripts/search.py → extract_search_content), so remote content can influence/control prompts.