fiddler-download-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses manifests and installer files from the public downloads.getfiddler.com URLs (e.g., https://downloads.getfiddler.com/.../latest-*.yml and direct installer URLs) and also installs a remote skill from a public GitHub URL, and those third‑party contents are read and used to drive decisions and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and runs remote installers/manifests from https://downloads.getfiddler.com (e.g., latest-*.yml and platform installers) and also directs installing/invoking a remote skill from https://github.com/telerik/fiddler-agent-tools/tree/master/skills/fiddler-mcp-setup, both of which are fetched at runtime and can execute remote code or alter agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill directs the agent to download and install a system-wide application (including running an installer with elevated/admin privileges via osascript), modify system state, and fetch/execute a remote MCP setup skill that lets agent tools inspect and manipulate network traffic, which could compromise the host.