by-harness

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's upgrade workflow explicitly fetches and applies a remote manifest when a manifest_url is configured ("有 manifest_url 时从远程 manifest 拉取并校验 checksum" in SKILL.md and scripts/update_runtime.py), causing the agent to read and act on content from arbitrary public URLs (e.g., raw.githubusercontent.com entries in the runtime manifest), which could materially influence what the tool downloads or executes.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime manifest lists multiple raw.githubusercontent.com URLs (for example https://raw.githubusercontent.com/xmzDesign/santong-skill/main/by-harness/scripts/update_runtime.py) which the runtime will fetch as required files (scripts and hook code) and those fetched scripts/hooks are intended to be executed or used by the agent, so they constitute runtime-executed external code.