poke-recipes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's recipe workflow requires adding third-party integrations (e.g., GitHub) and explicitly instructs the agent to scan user integration data ("scan your last 24h of issues and propose tickets") and seed the agent with onboarding context when a user installs a public recipe link, so the agent will fetch and act on untrusted, user-generated content from external integrations (references/onboarding-context.md and references/create-in-kitchen.md).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The public install URL (e.g., https://poke.com/r/ — and partner variants like https://poke.com/) is used at runtime to launch a recipe and "seed the agent with your onboarding context" (i.e., the system/first-message prompts), so it is an external runtime dependency that directly controls agent instructions.