substack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's chat-reply flow (SKILL.md, "ユースケース3: チャットスレッドの新着返信を処理する") calls chat_check.py to fetch new Substack chat replies (user-generated/public comments) as JSON, which the agent is expected to read, interpret, and use to draft and post replies—allowing untrusted third-party content to influence tool actions.