building-with-hypercerts-lexicons

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This guide instructs building apps that read and write Hypercerts data on the public AT Protocol (e.g., connecting an Agent to https://bsky.social and consuming "raw lexicons published on ATProto" and at:// URIs and external attachment URLs shown in the SKILL.md), which clearly involves ingesting untrusted, user-generated third‑party content that the agent may read/interpret at runtime (including CEL expressions and record references), creating a pathway for indirect prompt-injection.