miriad-core

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly exposes tools that fetch and interact with arbitrary public web pages and user-generated sites (e.g., web_search/web_fetch in "Web & Background" and the agent-browser workflow in references/agent-browser.md which shows opening pages like https://news.ycombinator.com and clicking/filling/extracting content), so untrusted third‑party content is ingested and used to drive actions and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running npx github:sanity-labs/mcpcli (npm/github:npx fetch) inside sandboxes at runtime — e.g., "npx github:sanity-labs/mcpcli" — which downloads and executes remote code and is presented as a required tool for running stdio MCP servers, so it is a runtime-fetched dependency that executes remote code.