facebook-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and its entrypoints (e.g., skills/20-research/facebook-research/scripts/run_facebook_post_collection.mjs) explicitly run hosted PostPlus collection against public Facebook page/profile/group/post URLs and ingest user-generated public content which the agent reads/normalizes and uses to drive collection, summaries, and follow-up actions, so untrusted third‑party content could influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill makes runtime calls to the PostPlus hosted APIs (e.g. ${POSTPLUS_API_BASE_URL}/api/postplus-cli/hosted/collection and /hosted/capability), and those API responses can include agentAction/confirmationCommand and retryCommand templates (built from remote productError.quoteConfirmation) which directly instruct the agent what shell/CLI commands to run, so this is a required runtime external dependency that can control agent instructions.