runex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's API reference (templates/0.1.0/api.md) explicitly documents POST /api/workflows/import supporting source types "url" and "git", meaning the Runex server can fetch and import arbitrary external (untrusted) workflow content which the agent can then list, inspect, and execute via the provided API/CLI — allowing remote content to influence actions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Runex API exposes POST /api/workflows/import which accepts remote "url" or "git" sources (e.g., a git repo URL like git@github.com:org/repo.git or arbitrary https:// URLs) that the server will fetch at runtime and import as workflow definitions whose steps can execute shell commands, so external content can directly control execution.