bundle-social-import

Warn

Audited by Snyk on May 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to fetch and view imported social media posts and CSV row results (e.g., "View results: GET /api/v1/post-history-import/posts" in SKILL.md, and the GET /api/v1/post-csv-import/{importId}/rows endpoint in references/11-post-csv-import.md). This is user-generated, untrusted third-party content that the agent is expected to read and then act on (verify, retry, bulk-delete, or fix/re-upload), which creates a clear avenue for indirect prompt injection.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 14, 2026, 05:34 AM
Issues: 1