affiliate-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The bootstrap and skill workflows explicitly instruct the agent to call and scrape the public Affitor directory (see prompts/bootstrap.md, API.md, SKILL.md and Quickstart.md – e.g. GET https://list.affitor.com/api/v1/programs and the “web_fetch” fallback for list.affitor.com pages), so the agent ingests untrusted, public/user-submitted content from third‑party pages and API responses that directly drive program selection and downstream actions—creating an indirect prompt‑injection risk.