platform-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.78). The skill’s required workflow involves fetching outsider-authored public portal files at runtime (e.g., {portal-url}/llms.txt, AGENTS.md, registry.json, and skills/{slug}/SKILL.md), and those plain-text documents are then ingested into the agent’s LLM context for parsing/execution guidance—this is indirect prompt-injection exposure from public web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to fetch runtime files (e.g., {portal-url}/registry.json and {portal-url}/skills/{slug}/SKILL.md) whose contents are agent-executable workflows/step definitions that will directly control agent prompts and execution, so these external URLs are required runtime dependencies that control behavior.