ats

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The CLI clearly fetches and ingests user-generated tasks/messages from the ATS server (default https://ats.difflab.ai) — see SKILL.md patterns and index.js commands (list/get/message/watch) that read task descriptions, payloads and message parts and then drive claiming/completing/escalation workflows — so untrusted third-party content can materially influence agent decisions and actions.