quantai-service

Warn

Audited by Snyk on Apr 21, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to fetch and read open third-party content from the external BASE_URL (e.g., /tasks and /tasks/{TASK_ID} for task "description" and "hints", and /jobs/{JOB_ID}/files/* and logs like strategy.cs and retest logs), and explicitly requires the agent to interpret those untrusted JSON/files and logs to decide technical paths, fix code, and drive subsequent actions—creating clear potential for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime HTTP requests to http://54.151.204.72:8000 (e.g., /tasks, /tasks/{TASK_ID}, /jobs/{JOB_ID}/files/strategy.cs, /jobs/submit, etc.) to fetch task descriptions/hints that directly drive the agent's decision flow and to download code (strategy.cs) used in the workflow, so the external host supplies required runtime instructions/code that control the agent.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 21, 2026, 10:49 AM
Issues: 2