ap2-dispute-accountability

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Before writing code" section explicitly instructs fetching live docs from public sources (e.g., https://ap2-protocol.org/specification/ and https://ap2-protocol.org/topics/core-concepts/) and performing web searches, meaning the agent will ingest and act on untrusted third-party web content that can influence its implementation decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to fetch live docs (e.g., https://ap2-protocol.org/specification/ and https://ap2-protocol.org/topics/core-concepts/) "before writing code" to obtain the exact accountability rules that will directly control implementation prompts/instructions, making these runtime external dependencies required and controlling agent behavior.