zener-language
Warn
Audited by Snyk on May 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly directs the agent to run pcb doc and to read package source roots and external changelogs (for example the GitHub URL https://github.com/diodeinc/pcb/blob/main/CHANGELOG.md and package URLs of the form github.com/org/repo/path@vX.Y.Z). Following those instructions means fetching and interpreting public third-party repository and web content, and that content can steer the agent's decisions and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill explicitly shows cross-package loads such as Module("github.com/org/repo/path/Foo.zen") and package pins such as github.com/org/repo/path@v0.2.5. Both are fetched at runtime to load .zen (Starlark) modules that the toolchain executes, so whoever controls the remote repository can run code in the toolchain and affect its behavior. A pin such as @v0.2.5 names a git tag, and tags can be moved, so a version pin alone does not make the dependency verifiable.
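The two findings come down to one question a reviewer can answer before installing the skill: what will the toolchain fetch and execute, and what will the agent read and act on? The script below is an added example, not Snyk's scanner and not part of the pcb toolchain. It walks SKILL.md and .zen text with regexes modelled only on the forms quoted in the audit (Module("github.com/…/Foo.zen") loads, github.com/org/repo/path@vX.Y.Z pins, plain URLs); the sample inputs are constructed, and the classification of a "pinned" reference (a vX.Y.Z tag or a 40-hex commit) is this example's own heuristic.

```python
"""Pre-install review of a pcb/zener skill: list what the toolchain would fetch
and what the agent would read, so W011/W012 can be checked by hand.

Added example, not Snyk's scanner or the pcb toolchain. The regexes below are
assumptions modelled only on the forms quoted in the audit.
"""
import re
from dataclasses import dataclass

# Constructed sample input (not text from the audited skill).
SAMPLE_SKILL_MD = """\
Run `pcb doc` and read the package source roots before editing a board.
Check the changelog at https://github.com/diodeinc/pcb/blob/main/CHANGELOG.md
before upgrading. Pin packages like github.com/org/repo/path@v0.2.5.
For bleeding-edge parts use github.com/org/other/parts@main.
"""
SAMPLE_ZEN = """\
Foo = Module("github.com/org/repo/path/Foo.zen")   # remote, no version in path
Bar = Module("./lib/Bar.zen")                      # local
"""

MODULE_LOAD_RE = re.compile(r'Module\(\s*"([^"]+)"\s*\)')
# github.com/org/repo[/path...]@ref ; the ref stops before a trailing "." in prose
PKG_PIN_RE = re.compile(r'\b(github\.com/[\w.-]+/[\w.-]+(?:/[\w-]+)*)@([\w-]+(?:\.[\w-]+)*)')
URL_RE = re.compile(r'https?://[^\s<>"\')]+')
GH_REF_RE = re.compile(r'github\.com/[^/]+/[^/]+/(?:blob|tree)/([^/]+)/')
# Heuristic: a vX.Y.Z tag or a full commit hash counts as pinned. A tag can be
# re-pointed by the remote; only the commit hash is genuinely fixed.
PINNED_REF_RE = re.compile(r'^(?:v\d+\.\d+\.\d+|[0-9a-f]{40})$')


@dataclass
class Finding:
    kind: str      # "remote_module" | "package_pin" | "external_url"
    target: str
    pinned: bool   # False when the remote decides what is served at fetch time
    note: str


def scan(text: str) -> list[Finding]:
    """Collect every remote load, package pin and URL in one file's text."""
    out: list[Finding] = []
    for m in MODULE_LOAD_RE.finditer(text):
        path = m.group(1)
        if path.startswith("github.com/"):
            out.append(Finding("remote_module", path, False,
                "remote .zen is fetched and executed by the toolchain; load path carries no version"))
    for m in PKG_PIN_RE.finditer(text):
        pkg, ref = m.groups()
        pinned = bool(PINNED_REF_RE.match(ref))
        out.append(Finding("package_pin", f"{pkg}@{ref}", pinned,
            "tag or commit pin" if pinned else "mutable ref: resolves to whatever the remote serves"))
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;")
        gh = GH_REF_RE.search(url)
        pinned = bool(gh and PINNED_REF_RE.match(gh.group(1)))
        out.append(Finding("external_url", url, pinned,
            "content the agent reads and acts on (indirect prompt injection surface)"))
    return out


def blocking_reasons(findings: list[Finding]) -> list[str]:
    """Everything that should stop an unattended install: remote code without a
    fixed version, and agent-readable content that can change under you."""
    return [f"{f.kind}: {f.target}" for f in findings if not f.pinned]


if __name__ == "__main__":
    for name, text in (("SKILL.md", SAMPLE_SKILL_MD), ("board.zen", SAMPLE_ZEN)):
        findings = scan(text)
        print(f"== {name}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  [{f.kind}] {f.target} pinned={f.pinned}: {f.note}")
        for reason in blocking_reasons(findings):
            print(f"  BLOCK {reason}")
```

Run it over the skill's own files before enabling it; anything listed under BLOCK is exactly the surface the two findings describe. Treating a tag as "pinned" is a convenience for triage, not a guarantee: record the commit hash the tag resolved to at review time if the toolchain lets you pin to it.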
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata