aeon-narrative-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly ingests external public sources — e.g., "WebSearch — DefiLlama, Kaito mindshare, broader web" and optional "xAI x_search" caches — and requires the agent to read and interpret those live third‑party signals to determine narrative phases and positions, which could allow indirect prompt-injection via untrusted, user-generated web content.