neta-developer
Warn
Audited by Snyk on May 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's demo SPA explicitly fetches and displays user-generated content from the public Neta API (api.talesofai.com), e.g. via GenerateAPI.listArtifacts and GenerateAPI.getArtifactDetails in assets/demo-spa/api.js, whose results app.js's openArtifactModal shows (including the artifact input/prompt). SKILL.md's core workflow also directs calling platform APIs, meaning untrusted third-party content is ingested and can be reused to influence subsequent actions or prompts.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata