write-gameplan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Specification Language guidance explicitly tells the agent to fetch the Pantagruel language reference from a public URL (https://raw.githubusercontent.com/subsetpark/pantagruel/refs/heads/master/REFERENCE.md) and elsewhere instructs fetching third‑party library docs (e.g., "fetch the relevant docs (e.g. WebFetch against the library's reference)"), which requires ingesting untrusted public web content that the agent must interpret to produce/validate specs and influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly tells the implementer to fetch the Pantagruel reference (https://raw.githubusercontent.com/subsetpark/pantagruel/refs/heads/master/REFERENCE.md) and, if the pant tool is not installed, to install it via Homebrew which taps the subsetpark/pantagruel GitHub repo (https://github.com/subsetpark/pantagruel) — both are runtime external fetches and the Homebrew tap will pull/execute remote code that the skill treats as a required dependency for spec validation.