bible-bread

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Execution Flow (Step 2) explicitly runs bible-buddy fetch scripts (scripts/fetch_sefaria.py, scripts/fetch_biblegateway.py, scripts/fetch_fhl.py) to retrieve scripture from public websites (Sefaria, BibleGateway, FHL), and the agent is expected to read and interpret that fetched, external text as core input for generating devotionals—so untrusted third‑party content could influence its outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill requires installing the external skill "lancetw/skills/bible-buddy" via "npx skills add lancetw/skills/bible-buddy" and at runtime runs its scripts (scripts/fetch_sefaria.py, scripts/fetch_biblegateway.py, scripts/fetch_fhl.py) which fetch remote text from external APIs (e.g., https://www.sefaria.org, https://www.biblegateway.com and similar) and inject that fetched content into the model context/prompts, so those external repositories/APIs directly control prompts and are required dependencies.