metavr-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). Outsider free text can enter the LLM context via the metavr docs fetch <url> runtime path, which retrieves arbitrary public web documentation markdown (e.g., from developers.meta.com) and returns it as readable text for the agent to consume.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill exposes a runtime fetch ("metavr docs fetch https://developers.meta.com/horizon/documentation/...") that retrieves external documentation pages which are intended to be passed into agent workflows as authoritative context and therefore can directly control prompts/instructions if used at runtime.