HyperFleet Standards Audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly and obligatorily fetches and parses standards documents from the public GitHub raw URL (https://raw.githubusercontent.com/openshift-hyperfleet/architecture/main/hyperfleet/standards/) and uses that untrusted third‑party content to derive checks and drive audit decisions, so external content can materially influence its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill dynamically fetches standards at runtime from https://raw.githubusercontent.com/openshift-hyperfleet/architecture/main/hyperfleet/standards/ (e.g., standards-index.yaml and individual .md files) and uses their contents to build and drive the audit checklist, so remote docs directly control the agent's instructions.