bible-fact-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md Input Sources (item 3) explicitly instructs running ~/.claude/skills/bible-buddy/scripts/fetch_url.py "" (with a headless Chromium fallback) to extract article text from arbitrary URLs, meaning the agent will fetch and read untrusted public web content as part of its required workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs a runtime fetch of arbitrary webpages using the command uv run --project ~/.claude/skills/bible-buddy ~/.claude/skills/bible-buddy/scripts/fetch_url.py "" (e.g., https://example.com/article), which imports remote text directly into the agent's context and therefore can control prompts at runtime (the prerequisite uv run patchright install chromium also fetches/executables remotely), so I flag this as a runtime external dependency that controls the agent.