cubox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests untrusted third‑party web content (saved web pages and bookmarks) via commands like "cubox-cli save", "cubox-cli card rag --query" and especially "cubox-cli card detail" (see SKILL.md Save Web Pages, RAG Semantic Search, and Get Card Detail / RAG workflow), and those returned fields (content, annotations, insight) are read and used to summarize, re-rank, and drive agent actions—so external page content could indirectly inject instructions.