replicate-theme

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow calls liberate_reconstruct_pages_carry, which loads carried source HTML from html/*.html produced by /liberate (outsider-authored page markup captured from the provided URL) and injects it into the agent’s LLM context as core/html islands (verbatim carry), creating an indirect prompt-injection risk via attacker-controlled HTML/markup.