hormuz-strait

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (SKILL.md Step 1) explicitly instructs the agent to fetch and parse public JSON from https://hormuzstraitmonitor.com/api/dashboard, including untrusted fields like news, diplomacy, and crisisTimeline that are used to produce risk assessments and drive next actions, which could enable indirect prompt injection.