write-spec
Warn
Audited by Snyk on May 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs "On first invocation, fetch the full Pantagruel language reference" from https://raw.githubusercontent.com/subsetpark/pantagruel/refs/heads/master/REFERENCE.md via WebFetch, which is an open/public third-party resource that the agent must read and rely on for syntax/semantics, allowing external content to influence its decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs at runtime to WebFetch the Pantagruel language reference at https://raw.githubusercontent.com/subsetpark/pantagruel/refs/heads/master/REFERENCE.md and to use that fetched text as the authoritative grammar/semantics guiding generation, so the remote content directly influences agent prompts/instructions and is treated as a required dependency.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).