svix-quickstart

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s workflow ingests LLM-readable text from Svix’s public documentation at runtime (e.g., “append .md to any docs URL for the LLM-readable version” and the referenced quickstart/install docs), which is outsider-authored free text fetched from the public web and then used as LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent at runtime to fetch live installation/syntax docs from https://docs.svix.com/quickstart.md (e.g., the #install-the-svix-sdk-optional and #create-a-consumer-application anchors) to determine the exact install commands and code syntax that will then be executed or used, so this external URL directly controls runtime actions.