halo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls a Halo instance (HALO_BASE_URL) via the halo-cli to list/get/create/update/publish blog posts (see SKILL.md and docs/setup.md), so it ingests user-generated content from external/public Halo sites which the agent reads and can use to drive subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires running "npx -y @tnnevol/halo-cli" at runtime, which fetches and executes remote code from the npm registry (e.g., https://www.npmjs.com/package/@tnnevol/halo-cli), so this is a required external dependency that runs remote code.