opengrep-rule-generator-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's research-enhanced workflow (SKILL.md, OPENGREP_RULE_GENERATOR_PROMPT.md and README) explicitly requires using WebSearch/WebFetch to fetch public third‑party pages (e.g., NVD, cwe.mitre.org, OWASP) and to incorporate those findings into rule generation, so untrusted web content is fetched and directly used to drive decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly requires WebSearch/WebFetch at runtime to fetch external pages (e.g., https://cwe.mitre.org/data/definitions/.html) which are loaded into the agent's context and directly influence the generated prompts/instructions for rule generation, creating a runtime external dependency that controls agent behavior.