python-executor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly enables and demonstrates fetching and parsing arbitrary public web pages (e.g., the "Web Scraping" example using requests + BeautifulSoup fetching https://example.com and the "Web scraping
• Extract data from websites" use case), so the agent can ingest untrusted third‑party content that could contain instructions influencing behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill relies on the external inference.sh service (e.g., https://inference.sh and cloud.inference.sh) at runtime to execute arbitrary Python code in a remote sandbox, so this external URL executes code and is a required dependency.