posse-distribution-architecture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's collect_backfeed(syndication_urls) function calls adapter.get_metrics(url) to fetch likes, reposts, and comments from public syndication URLs (e.g., bsky.app, dev.to) — untrusted, user-generated third‑party content that the skill ingests and uses to enrich the canonical record and could therefore influence subsequent behavior.