case-radar

Warn

Audited by Snyk on May 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly scans and ingests public third-party content as core runtime inputs: WebSearch/Agent scans, curl/gh API pulls from public GitHub raw files, and agent-browser open/screenshot of arbitrary public pages, including marketplaces, blogs, and YouTube. It then uses that content to decide recon/capture actions and what to include in the HTML output, so untrusted user-generated web content could indirectly inject instructions that change agent behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 14, 2026, 06:54 AM
Issues: 1