qiita

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and displays user-generated content from the public Qiita API (see SKILL.md and scripts/qiita.sh which call https://qiita.com/api/v2 endpoints such as /items, /items/{id}, /items/{id}/comments and /users/{id}), and those public articles/comments are read as part of the workflow and can influence subsequent actions like summarization, commenting, or posting—thus exposing the agent to untrusted third-party content that could carry indirect prompt injection.