agents-hot-onboarding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs exposing agents to the open "Agents Hot" network and discovering/calling remote agents (Steps 2, 7–9 and the "expose" commands like ah agent expose "<agent-slug>" --provider agents-hot), which will ingest and act on untrusted third-party agent requests from the public A2A registry and thus could enable indirect prompt injection.