migrate-to-detour

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). Detour’s runtime deep-link callback ingests the contents of incoming URLs (e.g., https://YOUR_ORG.godetour.link/... or custom schemes) into the app’s LLM context via result.route / link.route / link.params, which are derived from outsider-authored free text in the URL path/query.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the assistant to fetch live README files at runtime (e.g. https://github.com/software-mansion-labs/android-detour/blob/main/README.md and similar repo READMEs) to "prefer the live README" and cross-reference/update guidance, which means external content would be fetched and injected into the agent's context and could directly alter its prompts/instructions.