defold-assets-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's generator script (.agents/skills/defold-assets-search/scripts/generate_index.py) downloads a public JSON from https://insality.github.io/asset-store/dependencies_store.json and the SKILL.md Step 2 explicitly instructs the agent to fetch candidate example_code, api, and manifest_url web pages (community READMEs/manifests) and use that content to compare, recommend, and install libraries, which is untrusted third‑party content that can influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's runtime script downloads external JSON from https://insality.github.io/asset-store/dependencies_store.json (and the skill then explicitly fetches arbitrary example_code / api / manifest URLs from that index at runtime to inject README/usage content into the agent's research context), so external content can directly influence the agent's prompts/responses.