honcho-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated conversation data from the Honcho service (e.g., peer.chat, session.context, peer.chat_stream, and session.upload_file calls in SKILL.md Pattern A/B/C and references/bot-frameworks/nanobot/session.py), and those results are injected into prompts or exposed to the agent as a tool, so untrusted third-party user content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill uses the Honcho SDK at runtime (requiring HONCHO_API_KEY obtained from https://app.honcho.dev) to call peer.chat() and session.context(), whose returned content is injected into agent prompts, so remote content from that external service directly controls the agent's prompts.