landing-page-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required workflow includes running belt app run tavily/search-assistant (web search) which fetches public web content at runtime and feeds the retrieved page/snippet text into the agent/LLM context, creating an outsider free-text injection surface.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the inference.sh "belt" platform at runtime (e.g., belt app run falai/flux-dev-lora, tavily/search-assistant, exa/answer, bytedance/seedream-4-5, infsh/html-to-image) so https://inference.sh (and the referenced remote apps) are runtime external dependencies that execute remote code and determine prompts/output.