ghost-theme

Warn

Audited by Snyk on Apr 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly describes live Content API queries via the {{#get}} helper (references/03-helper-api.md) and includes required workflows that run a headless browser against a Ghost instance (base-template/CLAUDE.md and AGENTS.md mention Bun.WebView and setting GHOST_URL to test arbitrary instances), which means the agent will fetch and interpret user/site-generated content from external sites that could carry untrusted instructions.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 09:27 AM
Issues: 1