detection-engineering-coverage-evaluation
Warn
Audited by Snyk on Jun 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The workflow explicitly fetches and extracts “the entire text content of the page” from a user-supplied URL (Step 1), which is public web content authored by outsiders, and that extracted free-form text is then passed into the LLM/tool context to generate TDOs (Step 2).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's Step 1 instructs the agent at runtime to fetch the full HTML/text from an external blog URL (placeholder {url}) and then use that fetched content to generate Threat Detection Opportunities, meaning remote content fetched from {url} would directly control agent prompts and subsequent behavior.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).