sumsub-check-skills-version

Warn

Audited by Snyk on Jun 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The required workflow runs scripts/check_version.sh, which fetches public web content from https://api.sumsub.com/llms.txt via curl, parses it, and then render_headsup.sh re-emits the cached headsup markdown into the agent’s final LLM context (indirect prompt injection risk from outsider-authored remote text).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). High-confidence: scripts/check_version.sh performs a runtime curl of https://api.sumsub.com/llms.txt and the fetched text is parsed and turned into a cached "headsup" blockquote that render_headsup.sh re-emits verbatim as the first line of the assistant's reply, meaning remote content directly controls agent output.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 12, 2026, 09:59 PM
Issues: 3