truefoundry-jobs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's manifest-schema and agent registration docs explicitly state that external resources are fetched at runtime — e.g., MCP Server (OpenAPI) remote spec URLs are "fetched at runtime and converted into MCP tools" and Agent hosted-a2a-agent agent_card_url is fetched at runtime — meaning the agent will ingest untrusted remote content that can change its tools/behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly allows fetching remote resources at runtime that directly control agent behavior — e.g., remote OpenAPI specs (spec.url "https://api.weather.example.com/openapi.json") are fetched and converted into MCP tools and hosted A2A agent cards ("https://research-agent.example.com/.well-known/agent.json") are fetched at runtime and can influence/onboard agents — both are runtime external dependencies that can control prompts/tools.