settings
Warn
Audited by Snyk on May 2, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). Yes — the settings.ts skill directly fetches and ingests JSON from open/public third-party endpoints (notably the user-controllable check-relay-health fetch to ${relayUrl}/health in the check-relay-health command, plus calls to https://api.hiro.so and the public npm registry), and that returned content is parsed and used to compute the agent's "healthy"/"issues"/updateAvailable outputs which can materially influence decisions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata