swiftbar

Warn

Audited by Snyk on Apr 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's documentation and required workflows (e.g., "Python Plugin with API Call" in references/patterns.md and the Hacker News example in the evals) explicitly instruct plugins to fetch and parse data from public third‑party sources (openweathermap.org, Hacker News, arbitrary APIs) and use that data to generate SwiftBar menu lines (including href/bash parameters), so untrusted external content is consumed and can materially influence actions.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 13, 2026, 12:43 PM
Issues: 1