commander-tuner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public third‑party content as part of its required workflow (e.g., Step 4's "Use WebFetch" / edhrec-lookup and web-fetch "" to pull strategy articles, Step 2/2.5's scryfall-lookup and download-bulk for Scryfall data, and Step 5.5/combo-search which calls backend.commanderspellbook.com), and those external pages/API results are read and used to drive analysis, cuts/adds, and tool-driven decisions—so untrusted web content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The combo-search script makes runtime POST requests with the deck data to https://backend.commanderspellbook.com/find-my-combos (and related Spellbook endpoints) and the JSON response is consumed to identify combos/near-misses that directly influence agent prompts, analyses, and required subagent inputs (e.g., Step 5.5 and Step 7), so this external URL controls agent behavior at runtime.