deepvista

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly allows ingesting arbitrary public webpages (e.g., notes.md shows piping curl into deepvista notes create --content-file -) and then instructs the agent to read/summarize/synthesize those notes into persona/workflow skills (skill-create-from-note.md and chat.md), so untrusted third‑party content can be interpreted and materially influence subsequent tool use and behavior.