trip-planner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s workflow explicitly creates a GitHub issue body that includes a “Visual review board” section sourced from the visual-review-board sub-skill, which (per its purpose) fetches/reads destination-specific photo content at runtime from external sources (e.g., public web/image URLs), thereby feeding outsider-authored free text/metadata into the LLM context via that sub-skill’s ingestion path.