flyclaw-flight-search-zero-login

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and README explicitly state the skill performs multi-source aggregation by fetching live data from public third‑party APIs/websites (Fliggy, Google Flights via fli, Skiplagged, FlightRadar24, Airplanes.live/ADSB.lol) and even supports updating airports from an external URL (update-airports --url), so the agent consumes untrusted public content that can materially influence its decisions and tool actions.