slipbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches human-authored notes from a third-party GitHub repo (PrivateBox via gh api calls to repos/Randroids-Dojo/PrivateBox/contents/...) and via the SlipBox GET /api/theme-data endpoint (which returns full note contents) and then instructs the agent to read/synthesize meta-notes from that content and post results, so untrusted user-generated content can materially influence agent decisions and actions.