tapd-openapi
Warn
Audited by Snyk on May 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated TAPD content: for example, Wiki pages via scripts/search_wiki.py, which syncs /tapd_wikis into ~/.tapd-wiki-cache, and APIs like /comments, /tapd_wikis, and /stories that return user-authored text. The SKILL.md and its references describe reading and searching that content as part of the normal workflow, so untrusted third-party content can influence the agent's outputs and subsequent API actions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).