digs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Ingesting New Information" workflow explicitly tells the agent to automatically accept and synthesise user-shared links/articles (routing pasted links and public URLs into kyp/digs/), and the "Updating" section also instructs fetching SKILL.md from a raw GitHub URL—both of which expose the agent to arbitrary public web content that it will read and act on.