fastlike

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly directs agents to clone and read the public fastlike GitHub repository (e.g., "git clone https://github.com/avidal/fastlike.git ~/src/fastlike" and "When you have access to the fastlike source code locally ... use these paths to answer specific Compute questions" in SKILL.md), meaning it expects reading untrusted third‑party content that can materially influence tool use and decisions.