blog-taxonomy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows and CMS adapters explicitly fetch and ingest content from third-party CMS endpoints (e.g., WordPress REST API GET {CMS_URL}/wp-json/..., Shopify GraphQL articles query, Ghost/Strapi/Sanity endpoints) and the Tag Suggestion and Taxonomy Audit steps state the agent reads post content and lists/fetches posts from the CMS, meaning untrusted, user-generated site content is consumed and used to drive actions like tag creation and assignment.