ads-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests untrusted, public third‑party content (Reddit posts via curl, Hacker News via the Algolia API, and arbitrary vendor changelog URLs and web search results via WebFetch/WebSearch) as required runtime inputs that are parsed and used to generate digests and drive file-writing behavior, so external content could indirectly inject instructions that affect the agent's outputs and actions.