discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests open/public third‑party content (FASE 1: "Use the tool WebFetch to buscar o conteúdo da URL" for Google Docs/Notion/any public link, and FASE 6: "realize 2-3 buscas using the tool WebSearch"), treats those untrusted/user-generated sources as inputs the agent must read and summarize, and uses those findings to drive discovery decisions and generate files—creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses the WebFetch tool at runtime to fetch arbitrary user-provided URLs in FASE 1 and then uses that fetched content as the basis for the agent's instructions and outputs (i.e., "use as base" / extract context), so any user-supplied URL (the fetched URL) can directly control prompts and thus is a runtime external dependency to flag.