product-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and bundled scripts (scripts/search.sh, similar.sh, categories.sh, brands.sh) explicitly call the public Channel3 API (https://api.trychannel3.com) and ingest product/merchant content (including buy links and product IDs) which the agent parses and uses to decide follow-up actions (e.g., choosing IDs, filters, next queries), so it clearly consumes untrusted third‑party content that could carry indirect instructions.