agent-evaluation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required "Documentation Access Protocol" (SKILL.md) explicitly instructs fetching external docs starting at https://mlflow.org/docs/latest/llms.txt and using WebFetch for referenced URLs, and Step 3 Phase B / OSS flows require ingesting the agent's document corpus (docs_df / RAGAS generator / vector search content) to synthesize evaluation items — both are runtime steps that pull public or user-provided content which the agent reads and that can materially drive tool selection and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires runtime fetching of MLflow docs from https://mlflow.org/docs/latest/llms.txt (and then using WebFetch on any referenced URLs), which means external content fetched at runtime can directly control prompts/instructions.