on-device-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires/webfetching external docs (SKILL.md: "webfetch the relevant page from https://docs.swmansion.com/...") and its runtime workflows allow loading remote models and processing remote image URLs (setup.md shows remote model URLs like 'https://huggingface.co/.../model.pte' and vision.md accepts image inputs as remote URLs), so the agent ingests open/public third‑party content that can change model behavior or downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly downloads remote model/tokenizer binaries at runtime (e.g., https://huggingface.co/.../model.pte and https://huggingface.co/.../tokenizer.bin), which are required dependencies and directly determine the model's behavior and outputs, so they can effectively control agent instructions at runtime.