generate-sandbox-policy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to perform WebSearch/WebFetch of public API documentation (see "Full Tier" and "Auto-Discovery" sections that say "Fetch with WebFetch" and "Use WebSearch ... Fetch the docs page with WebFetch") and to parse those third‑party web pages to extract endpoints, which the agent will interpret to decide policy generation — exposing it to untrusted third‑party content that can influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs WebSearch/WebFetch at runtime to retrieve user-supplied API documentation URLs (e.g., https://api.openai.com) and parses those docs to build endpoint inventories and rules, so fetched remote content can directly control the agent's generated policies.