callfire

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly exposes CallFire data (e.g., "List Texts", "Get Text", "Get Call", "List Calls" in SKILL.md) so the agent can fetch and read untrusted, user-generated messages/recordings from a third-party service and then use actions like "send-texts" or "delete-contact", allowing external content to influence tool use and decisions.