andrej-karpathy-perspective

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Research workflow (Step 2) explicitly requires using tools like "WebSearch" to fetch and inspect public third‑party sources (e.g., GitHub, technical blogs, X posts, user feedback and arbitrary web pages) and mandates using those findings to inform the agent's judgments and follow‑up actions, which exposes the agent to untrusted user‑generated content that could carry indirect prompt injections.