soul

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to browse and ingest the repository's data/ content (e.g., data/x — "Twitter/X archive", writing/ and other user-generated material) as grounding and to analyze it when building SOUL.md (BUILD.md and data/_GUIDE.md / SKILL.md describe "browse" and "analyze" of these raw social/blog content), so untrusted third‑party/user‑generated content is read and used to drive the agent's decisions and behavior.