seti

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Default Workflow and MCP tools (SKILL.md) explicitly instruct the agent to run web_search and call enrich_content to fetch full page text from arbitrary URLs (via SearXNG/Jina Reader), then synthesize answers/actions from that untrusted public web content, which can enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's enrich_content tool fetches arbitrary external pages at runtime (e.g., https://example.com/article) via Jina Reader and injects that fetched content into the agent's model context, so remote URLs can directly control prompts.