passport

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md shows runtime ingestion of untrusted, user-generated third-party content via OAuth/provider profiles and API calls (e.g., GoogleStrategy, GitHubStrategy, DiscordStrategy and the "Store Access Tokens" / getGoogleCalendar fetch) which the app reads and uses to create/link accounts and drive logic, so external profile/API data can influence behavior.