miles

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests external Miles API responses and publicly-accessible preview URLs (via /api.bymiles.ai design-directions, dashboard/preview URLs, and the screenshot endpoint) and the hook injects the saved Miles response (last-response) as additional context, so untrusted third-party generated content is read and used to drive decisions and tool actions (e.g., which design to select and when to build), allowing indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The CLI repeatedly calls the external headless API at https://api.bymiles.ai during runtime (DEFAULT_SERVER_URL) to fetch Miles' conversation messages/design directions which directly control the agent's prompts and behavior and is required for the skill to operate.