posthog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs spawning a sub-agent to fetch and follow links from public PostHog documentation (starting at https://posthog.com/docs and linked subpages) and to extract code/configuration that will be used to implement integrations, which means the agent will ingest and act on untrusted third‑party web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs spawning a sub-agent that, at runtime, fetches PostHog documentation (e.g., https://posthog.com/docs) and uses the fetched pages to directly drive prompts, code snippets, and configuration guidance, so the external URL content controls agent instructions.