wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Ingest workflow explicitly WebFetches arbitrary URLs and then "Read the source" and uses that content to create/update pages and logs (SKILL.md Ingest steps: "URL → WebFetch the content" and "Read the source"), so untrusted public webpages can directly influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs a WebFetch of user-supplied URLs during the "ingest " runtime flow (i.e., WebFetch ), and the fetched document is read and injected into the agent's context to drive writing/decisions—creating a clear prompt‑injection vector from arbitrary external URLs.