ctf-osint

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to fetch and parse open/public user-generated content (e.g., references/social-media.md and references/geolocation-and-media.md show use of public APIs and pages such as BlueSky/Tumblr/Strava, Google Maps user-submitted Photos, Wayback Machine and Discord API) and to interpret that content to drive decisions (decoding homoglyph stego, choosing follow-up queries, submitting panorama IDs), which clearly exposes the agent to untrusted third-party content that could contain indirect prompt injection.