oss-bounty-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly scrapes and ingests public third‑party sites (e.g., Algora, IssueHunt, GitHub awesome lists and repo issues, NLNet, Sovereign Tech Fund, Mozilla MOSS, GSoC, Outreachy) and uses that untrusted, user-generated content to drive extraction, filtering, and the agent's decision-making, creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime tinyfish calls that load remote pages (for example: https://algora.io/bounties?lang=) and inject those pages' content into the agent context to drive extraction and decision-making, and the skill explicitly depends on those external sites for its operation, so those URLs are runtime external dependencies that directly influence agent behavior.