wwdc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). At runtime the required workflow can fetch WWDC.ai session markdown/transcripts from outsider-authored public web content (e.g., scripts/wwdc.sh summary fetches https://wwdc.ai/<year>/<session>.md, and scripts/wwdc.sh transcript fetches Apple transcript JSON then converts it to plain text), which is then ingested into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.75). The bundled script (scripts/wwdc.sh) performs runtime curl fetches to https://wwdc.ai/... (and to Apple's transcript manifest URL https://devimages-cdn.apple.com/wwdc-services/.../transcript-manifest-eng.json) and then parses and injects the retrieved markdown/JSON transcript content into the agent workflow, meaning remote content directly controls model input at runtime.