aibtc-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill documentation (e.g., arc0btc/README.md and secret-mars/README.md) describes sensors and subagents that fetch and read public third‑party content — including GitHub repositories, public APIs (stacksmarket.app, stackspot.app), and other agents' inbox messages — and explicitly uses that untrusted, user-generated content to queue tasks and drive LLM-led decisions (scouting, composing PRs, replies), which can materially influence tool use and next actions.