daytona-companion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's manager actively executes commands in and reads files from remote Daytona sandboxes and preview URLs—see scripts/daytona-manager.mjs (handleExec, readRemoteText, handlePull/handlePreview) and the SKILL.md workflows that pull stdout/stderr and artifacts—so it ingests arbitrary sandbox/user-generated content which the agent is expected to read and which could influence subsequent actions.