hackathon-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests external, user-generated event data via the /api/public/import/luma endpoint (see references/workflow-examples.md and references/api-endpoints.md) and also reads public hackathon/submission data which the agent is instructed to parse and act on, so untrusted third-party content can influence subsequent API actions.