basecamp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md explicitly instructs the agent to send requests to Apideck's proxy (https://unify.apideck.com/proxy) with x-apideck-downstream-url set to Basecamp endpoints and states it returns Basecamp's raw responses, so the agent will ingest user-generated/untrusted Basecamp content that could contain instructions affecting subsequent actions.