fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly directs the agent to fetch and read markdown from public URLs and domains (“Use fetch to fetch the URL or domain” and “Fetches markdown from public URLs, docs pages, articles, or changelogs”), meaning untrusted third‑party web content is ingested and can influence the agent’s decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches arbitrary user-supplied URLs at runtime and injects the fetched Markdown into the agent's context (i.e., any URL passed to fetch, e.g., "https://"), so remote content can directly control prompts and agent behavior.