weread

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches user-generated public content (e.g., "weread --json reviews list " and popular highlights described in references/domain-rules.md) and the SKILL.md Error Handling section tells the agent to "stop immediately and follow upgrade_info.message" on an "upgrade_required" response from the upstream API, so untrusted third-party content can be read and directly influence agent actions.