seren-publishers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's API explicitly allows proxying publisher scrapers and arbitrary URLs (e.g., GET /publishers/{slug}/{path} and POST /publishers/firecrawl-serenai/scrape?url=...), so the agent can fetch and ingest untrusted public web content from third-party sites which could carry indirect prompt-injection instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill issues runtime calls to https://api.serendb.com/publishers (e.g., POST /publishers/{slug}/{path} and MCP tool endpoints) which will invoke remote publisher tools/compute and thus can execute remote code or return instructions that influence agent behavior.