yao-geoflow-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and preflight script explicitly fetch and ingest responses from a user-specified GEOFLOW_BASE_URL (e.g., GET /api/v1/catalog and article/task endpoints shown in scripts/geoflow_preflight.sh, SKILL.md, and references/laravel-api-v1-docker.md), and those untrusted workspace API responses (including article content or HTML proxy pages) are read and used to decide actions like stopping tasks, creating drafts, or correcting base URLs—exposing the agent to indirect prompt-injection risk.