lx-sh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports MCP remote mode (e.g., lx sh --space "https://lexiangla.com/spaces/sp_xxx") and built-in commands like cat/grep/search/mcp that fetch and read remote /kb content via MCP APIs, meaning the agent ingests untrusted, potentially user-generated third-party content and can use those results to drive subsequent commands—creating a clear avenue for indirect prompt injection.