agent-message-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and streams user-generated content from a configurable third-party server (e.g., via agent-message read, agent-message watch, and agent-message catalog prompt using server_url), and the agent is expected to read/interpret those messages which can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill includes a runtime command that fetches authoritative prompt content from the configured server via GET /api/catalog/prompt (e.g., http://localhost:45180/api/catalog/prompt or any configured server_url such as https://api.example.com), which directly supplies prompt/instruction text to the agent and thus can control agent behavior.