moltbook-enclave

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's moltbot.py clearly fetches public, user-generated Moltbook posts from https://www.moltbook.com/api/v1 (see moltbot.py and SKILL.md/run_enclave.sh), and an isolated enclave agent reads/processes that feed (~/.moltbook/enclave/raw_feed.json) to produce digests that can materially influence subsequent agent decisions, so it exposes the agent to untrusted third-party content that could enable indirect prompt injection.