wokitoki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The runtime path cli/server.ts → handleRequest parses the browser-submitted JSON from POST /submit, and cli/index.ts then persists/prints that shaped Result (including user free-text text and quotes) into the agent’s LLM context via the caller reading stdout; this free text is authored by the human user of the UI, i.e., an outsider relative to the operating user’s chosen prompt content.