paragon-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to ingest and act on third-party/user-generated data—e.g., Managed Sync's "Pull Synced Records" and "Download File Content" endpoints (references/managed-sync.md) and the Proxy API allowing calls to arbitrary integration endpoints (references/proxy-api.md)—which the agent would read/interpret and could materially influence subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's example runtime fetch of tool schemas from https://actionkit.useparagon.com/projects/{project_id}/actions?format=json_schema is used to generate LLM-readable tools and inject remote descriptions/parameters into the agent's prompt/tool configuration, meaning external content loaded at runtime directly controls agent behavior.