dag-hallucination-detector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Primary Detection Flow explicitly extracts and (when "Network Check Enabled") fetches/verifies URL citations from public sites (e.g., the "Fetch URL" branch and the "All URLs extracted and connectivity verified" quality gate), meaning the agent ingests untrusted third-party webpage content that can influence its verification decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill fetches user-provided citation URLs at runtime (e.g., https://mit.edu/research/ai-performance-2023.pdf) and uses the fetched content to verify claims—injecting external content into the model's decision context and thereby influencing its outputs.