technical-blog-writing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using the belt CLI's "exa/search" (Quick Start: belt app run exa/search --input ...) to research topics—which fetches and ingests open/public web content that the agent is expected to read and use to shape writing and follow-up actions—so untrusted third-party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires the inference.sh CLI (https://inference.sh) and includes runtime belt app calls (e.g., belt app run infsh/python-executor) that send and execute arbitrary Python/HTML code on the remote service, so the external inference.sh endpoint is a required runtime dependency that can execute remote code.