helicone

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly queries the Helicone API (e.g., POST https://api.helicone.ai/v1/request/query and GET https://api.helicone.ai/v1/request/) to retrieve stored request/response bodies and custom properties—which are user-generated/untrusted content—and the SKILL.md shows workflows that parse and act on those results, so third-party content can influence decisions or actions.