bubbletea

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md includes a fetchData command that performs http.Get on arbitrary URLs (shown in the "Commands and Messages" and "Batch Commands" examples, e.g., fetchData and fetchData("https://api.example.com")), which ingests open web content into the model (m.data) that the Update flow reads and can influence UI/behavior, exposing the agent to untrusted third‑party content.