case-study-writing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running web search apps (e.g., "belt app run tavily/search-assistant" in Quick Start and "belt app run exa/search" / "exa/answer" in Research Support) to fetch open-web results and statistics that the agent is expected to read and use to guide the case-study writing, exposing it to untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires the inference.sh CLI (https://inference.sh) and calls belt app run (e.g., infsh/python-executor and other inference-sh apps) at runtime, which executes remote code/logic on that platform and is a required runtime dependency.