neta-community

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly fetches community (user-generated) content from the Neta API—e.g., request_interactive_feed, get_hashtag_info, get_hashtag_collections and request_character_or_elementum called in references/interactive-feed.md and references/hashtag-research.md—which return untrusted "lore", collection and character text that the docs explicitly instruct the agent to read and reuse in prompts and creation flows (e.g., "reuse keywords and terminology from lore", "Create based on research"), so third-party content can materially influence tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly runs remote code at runtime via the npx command "npx -y @talesofai/neta-skills@latest" (package @talesofai/neta-skills, e.g. https://www.npmjs.com/package/@talesofai/neta-skills), which causes fetching and execution of external package code that the skill relies on.