sourcing-selection

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly routes the agent to collect and synthesize evidence from public platforms (e.g., skills/20-research/amazon-research, google-trends-research, tiktok-research and the social-media-extractor) and the repo includes scripts (e.g., download_videos_from_manifest_with_ytdlp.mjs) that fetch arbitrary public URLs, so the agent is required to read untrusted, user-generated third‑party content that can materially influence decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls the configured PostPlus hosted-capability API at ${POSTPLUS_API_BASE_URL}/api/postplus-cli/hosted/capability (used at runtime via requestHostedCapabilityApiJson), which executes hosted capabilities and returns output consumed by the skill—i.e., external responses can control agent behavior and trigger remote execution.