research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The skill’s required workflow explicitly “Search public sources” (Reddit, X/Twitter, Hacker News, Stack Overflow, GitHub issues/discussions, forums/blogs/reviews/YouTube comments, developer communities), which are outsider-authored free text fetched at runtime and then ingested into the agent’s LLM context for summarization/citation.