unreal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the client connecting to an external ServerUri and explicitly subscribing to remote "public tables" (Conn->SubscriptionBuilder()->SubscribeToAllTables() / Subscribe(Queries)), meaning the agent ingests and acts on database rows from arbitrary remote servers which could contain untrusted, user-generated content that influences callbacks and behavior.