orbit-general
Warn
Audited by Snyk on May 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly says the skill "pulls the past 24 hours of activity from every authenticated connector (GitHub, Linear, Notion, Slack, Gmail, Drive, Sentry, Vercel, …)" and the shipped example.html shows those live connector items being parsed and rendered, so the agent will ingest user- and third-party-generated content (messages, PRs, docs, alerts) and use those fields to choose UI, Top‑3 items and links — meaning untrusted external content can influence runtime behavior.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata