security-scan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill runs external scanners and package tools that fetch public data (e.g., npm audit, pip/go installs, semgrep --config=auto, OWASP dependency checks) and then reads the resulting report at bazinga/artifacts/{SESSION_ID}/skills/security_scan.json as part of its workflow, so untrusted public registry/advisory content can be ingested and influence its decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs runtime installers and executes fetched tooling (e.g., go install github.com/securego/gosec/v2/cmd/gosec@latest and pip install bandit/semgrep) which fetch remote code during execution and are required for the scanners, so this is a runtime external dependency executing remote code (flagged URL: github.com/securego/gosec/v2/cmd/gosec@latest).