compose
Warn
Audited by Snyk on May 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to "verify against live source code" using MCP lookup tools and (Tier 2) to fetch raw GitHub/AOSP URLs (e.g., https://raw.githubusercontent.com/... and gh api repos/... in the "Source Code Verification" section), which requires retrieving and interpreting untrusted public third‑party content at runtime and could therefore enable indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs fetching live source at runtime (e.g., https://raw.githubusercontent.com/androidx/androidx/androidx-main/{path}) as a fallback to "verify against live source code," meaning external content would directly influence agent prompts/responses.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).