interview-radar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). Runtime path: the agent ingests OUTSIDER-authored free text from scraped public pages—e.g., scripts/connectors/nowcoder.py fetches NowCoder HTML (UGC) and parse_nowcoder_post() extracts its title/body into RawPost.raw_text, which the agent then reads and uses in later LLM steps.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill fetches remote markdown/web pages at runtime (e.g., GitHub raw URLs like https://raw.githubusercontent.com/... and github.com/.../blob/...) via GithubConnector/WebFetch and injects that fetched content into the agent/corpus (used as inputs to the LLM), so these runtime-fetched URLs directly control the agent's prompt/context.