Skywork Excel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states the agent "automatically searches for real-time data" and lists backend tools like "parallel_search_full" and "browse_urls" that fetch content from the web/URLs, so the agent will ingest untrusted public web content (news/sites/URLs) as part of its workflow and that content can influence outputs and subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to the backend gateway (default SKYWORK_GATEWAY_URL=https://api-tools.skywork.ai/theme-gateway) and auth endpoints (https://api.skywork.ai and https://skywork.ai) which stream LLM/tool events (including jupyter_execute and other tool commands) that directly control agent prompts and execute remote actions, and the skill depends on these endpoints to function.