watt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows explicitly instruct resolving/cloning external repositories (e.g., "wattpm resolve" and watt.json entries with "url": "https://github.com/…") and describe handling CMS webhooks from third‑party providers like Contentful/Sanity/Strapi (references/cms-integration.md and references/enterprise.md), which means the agent's runtime/workflow would ingest and act on untrusted, user-generated content from the open web that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill documents runtime behavior where wattpm / wattpm resolve can clone remote git repositories listed in watt.json (e.g., "url": "https://github.com/your-org/user-service.git"), which will fetch external code that can be executed and is relied on as a required service—constituting a high-confidence runtime remote-code risk.