intelligence-transfer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). At runtime, the hooks_transfer workflow ingests outsider-authored free text/JSON from a peer-supplied IPFS CID (via mcp tool call hooks_transfer --json -- '{"action":"load","cid":...}'), which the agent then merges into its LLM context as pattern metadata.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill loads external IPFS content at runtime via the CID passed to "mcp tool call hooks_transfer" (e.g., "QmXyz..."/ipfs://) and merges those patterns into the agent state, meaning remote content can directly influence agent prompts/behavior (publishing also requires Pinata via PINATA_API_JWT).