ctf-osint

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and parsing untrusted public content (e.g., BlueSky public API calls, Twitter/X and Wayback archive retrievals, GitHub issue/PR comments, Google Maps crowd-sourced photos, Telegram bot interactions, Shodan/Censys searches) and expects the agent to read and act on that content to drive follow-up steps (decoding stego, pursuing leads, or performing API-driven actions), which creates a clear avenue for indirect prompt injection.