last30days

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public third‑party content (e.g., scripts/lib/openai_reddit.py issues OpenAI web_search calls targeting reddit.com, scripts/lib/reddit_enrich.py uses http.get_reddit_json to fetch Reddit thread JSON, and output_result prints "WEBSEARCH REQUIRED" instructing Claude to run WebSearch on blogs/docs), and that untrusted web/social content is synthesized and used to drive ranking, summaries, and prompt-generation decisions.