odoo-19

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The AGENTS.md and SKILL.md explicitly instruct agents to load the skill from a public Git repository (git@github.com:unclecatvn/agent-skills.git) so the agent will fetch and read third‑party repository content as part of its workflow, which could contain untrusted/user‑authored instructions that influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The AGENTS.md instructs agents (e.g., Cursor) to load the skill content at runtime from the Git repository git@github.com:unclecatvn/agent-skills.git, which would fetch external repository content that directly supplies the agent's prompt/skill data and thus can control instructions, so I flag git@github.com:unclecatvn/agent-skills.git.