ferrite

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Ferrite's playbook and included skill files (e.g., SKILL.md playbook plus skills/url-content-extraction.md, skills/reddit-community-post-comments.md, skills/firecrawl-web-scraping.md, and many search/scrape skills) explicitly instruct the agent to discover, fetch, scrape, and consume content from public URLs, social media, and forums and then act on that content, exposing it to untrusted third-party input that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Ferrite playbook and README instruct agents to open the skill_url at runtime (which are raw GitHub URLs such as https://raw.githubusercontent.com/jpbonch/ferrite/main/skills/agentscale.md) and then follow the exact request/method/headers/body from that fetched Markdown — i.e., remote raw.githubusercontent.com content is fetched at runtime and directly controls the agent's instructions for subsequent calls.