setup-engine

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to run WebSearch/WebFetch in multiple workflow steps (see "Look Up Current Version" §3, "Populate Engine Reference Docs" §7, and "Upgrade Subcommand" §11) to fetch official migration guides, changelogs, and other public web documentation and then read/interpret that content to populate docs and drive upgrade actions, so open/public third‑party pages can materially influence the agent's decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly calls WebSearch/WebFetch at runtime to retrieve external migration guides and official documentation (i.e., the migration-guide and changelog URLs discovered via WebFetch) and then parses and injects that content into engine-reference docs and agent "Version Awareness" instructions, so those external URLs can directly control agent prompts/behavior.