tech-advisor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow explicitly performs web search and then fetches arbitrary URLs (e.g., via MCP DuckDuckGo search/jina_fetch, built-in web fetch, Web Forager, ddgs, or Jina Reader r.jina.ai), so outsider-authored free text from public web pages can be ingested into the agent’s LLM context through the fetched page contents.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires fetching arbitrary web pages at runtime (example: curl -s "https://r.jina.ai/https://example.com") to ingest their content into the agent's context as evidence, which means remote content from https://r.jina.ai/... can directly control prompts/instructions and is a required runtime dependency.