explainer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses arbitrary user-supplied URLs (via WebFetch in Step 2/2.6) and GitHub repo data/README (Step 2/GitHub mode and Step 3.0) and then uses that untrusted page/README content to author the beat sheet and drive browser actions (capture_website), so third-party content can directly influence tool behavior and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill WebFetches the user-supplied https://... URL (including GitHub repo URLs like https://github.com/{owner}/{repo} and associated README/files via the GitHub API) at runtime and uses that fetched page/README content to author the beat sheet and vo_text, so external content directly controls the agent's prompts/instructions.