happy-app-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill explicitly instructs Claude to read and interpret files like strings/.urls.md, strings/.domains.md and endpoints.md (see Phase 4 in SKILL.md and scripts/classify_strings.ts / scripts/match_fingerprints.ts and lib/card.ts), which contain arbitrary URLs/domains and other literals extracted from target app binaries (untrusted third‑party content) and are then used to build the endpoint_table and card_prompt.md that materially drive downstream outputs and tool calls.