ucp-discount

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs "Fetch live spec: Web-search site:ucp.dev specification discount and fetch the page" which requires fetching a public third-party webpage (ucp.dev) that the agent must read and use to determine schema and behavior, enabling untrusted content to influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs the agent to fetch the live discount specification from site:ucp.dev (e.g., https://ucp.dev) at runtime and to use that fetched schema to determine implementation behavior, so external content would directly control the agent's instructions.