bundle-social-analytics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill calls the public Bundle.social API (see references/07-analytics.md: GET /api/v1/analytics/post, /post/raw, /post/bulk) and ingests post objects and raw analytics (including post title/data and raw per-platform data) which are user-generated/untrusted content that the agent is expected to read and use to drive decisions (e.g., deep-dive, force refresh, reporting), so those third-party fields could carry indirect prompt-injection payloads.