poke

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly documents sending arbitrary webpage selections/URLs and external webhook payloads to the user's Poke agent (see references/use-cases.md "Desktop capture" and references/send-message.md / references/send-webhook.md), which means untrusted third‑party content can be ingested and could influence the agent's decisions or actions.