devassure

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly has the DevAssure AI agent open and interpret arbitrary application URLs from test_data.yaml / the "Open the application url" test step (SKILL.md and references/cli-reference.md) and uses page content (see agent_instructions.yaml and conditional steps like "If MFA is asked...") to decide follow-up actions, which means untrusted public web pages could influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The troubleshooting doc explicitly lists devassure-llm-2e2fa73b953b.herokuapp.com as a required host for the CLI, indicating the tool contacts that external LLM endpoint at runtime and that endpoint likely supplies the agent's instructions/prompts.