soul

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly tells the agent to browse and ingest raw third-party content from data/ (e.g., SKILL.md and data/_GUIDE.md instruct "browse data/ to understand positions and tone", README.md and BUILD.md describe fetching social/blog/YouTube content and scripts like examples/garry-tan/scripts/fetch_x.py/fetch_writing.py), which are public, user-generated sources and are used to ground outputs—so untrusted third‑party content is read and can influence the agent's subsequent actions.