btca-ask

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md workflow explicitly says the agent should read btca.config.jsonc to discover resources and (after user confirmation) run btca to query external/upstream sources and docs, which are third-party public content the agent will ingest and could contain untrusted instructions.