slate-ar-recipe

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill runs Codex Autoresearch CLI commands (recipes list/recommend/show/setup-plan/doctor) which typically fetch/ingest recipe catalog text at runtime from external sources (outsider-authored public/community recipe metadata), and that readable text can be fed into the agent’s LLM context via the tool’s outputs.