tensorlake

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent (SKILL.md / README) to WebFetch the live doc index at https://docs.tensorlake.ai/llms.txt and then fetch and treat arbitrary .md pages from docs.tensorlake.ai as the source of truth for code and actions, thereby ingesting public third‑party content that can influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires a runtime WebFetch of the live docs (starting at https://docs.tensorlake.ai/llms.txt and then fetching the listed .md files) and directs the agent to use those fetched markdown pages as the authoritative source for generating prompts/code, so these external URLs directly control agent instructions at runtime.