pulse

Warn

Audited by Snyk on Apr 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and processes public, user-generated chat content via the share-link guest API (e.g., GET/POST /api/chat/guest-v04 described in skills/talk-to-agent/SKILL.md and examples), and those conversation outputs are then used in the documented autonomous-update workflows (skills/autonomous-sync and related examples) to search, snapshot, create, or patch notes—meaning untrusted third-party input can be read/interpreted and materially drive tool use and edits.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 02:08 PM
Issues: 1