morph-warpgrep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads and ingests code from arbitrary repositories (repoRoot / local filesystem via ripgrep/read) and the docs/scripts even show cloning a public GitHub repo (e.g., git clone https://github.com/letta-ai/letta-code.git) so untrusted, user-generated third-party content is read and then used to drive searches and edits (see "Quick Start: WarpGrep", "Using as an Agent Tool", "Combining WarpGrep + Fast Apply", and scripts/test-warpgrep.ts), which could allow indirect prompt-injection to influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to Morph's LLM API (https://api.morphllm.com/v1/chat/completions), and the completions returned by that endpoint are used directly to produce search contexts and merged code (i.e., they control agent outputs), while the skill explicitly requires the Morph API/SDK to operate.