aws-agentic-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Browser service (services/browser/README.md and referenced SKILL.md) explicitly allows agents to navigate to arbitrary URLs and extract/evaluate webpage content (web scraping, form interaction, evaluate JavaScript), so the agent will fetch and interpret untrusted third‑party web content that can directly influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The runtime artifact container URI (<ACCOUNT_ID>.dkr.ecr..amazonaws.com/my-agent:latest) is referenced as the agent runtime image in create-agent-runtime and would be pulled and executed at runtime, meaning remote code is fetched and run as a required dependency.