android-source-search
Warn
Audited by Snyk on May 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md fallback explicitly instructs the agent to fetch and read public source files from third-party sites (android.googlesource.com via Gitiles and raw.githubusercontent.com / GitHub via gh api), so the agent will ingest untrusted public content that could influence its decisions or actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill instructs runtime fetching of code/text from external sources (e.g., https://raw.githubusercontent.com/androidx/androidx/androidx-main/{path} and https://android.googlesource.com/platform/frameworks/base/+/refs/heads/main/{path}?format=TEXT), which would be injected into the agent's context and directly influence its responses, so these URLs are runtime dependencies that control prompts.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).