newsletter-curation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's "Content Sourcing" section clearly instructs running belt app commands (e.g., belt app run tavily/search-assistant and exa/search with examples like site:reddit.com) to fetch open web and social/forum content that the agent is expected to read and use for curation, so untrusted third‑party text could influence its actions.