hosted-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests third-party web content (e.g., "Chrome Extension" that extracts DOM and React internals from pages) and also processes user-generated messages (Slack classification and repository cloning/reads) as part of its runtime workflow, allowing untrusted content to be read and influence agent decisions.