vuln-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The skill’s runtime workflow explicitly fetches and ingests outsider-authored free text from public sources (e.g., NVD, vendor advisories, GitHub Security Advisories, CISA KEV, EPSS pages, Exploit-DB, GreyNoise, and Twitter/Mastodon) in Step 1/5, which would be readable prose fed into the agent’s LLM context.