agentos-api-sessions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and script (SKILL.md and scripts/manage_sessions.py) call AgentOS endpoints (e.g., GET /sessions/{session_id}/runs via client.get_session_runs and use session history in client.run_agent with a session_id), which fetches arbitrary user-generated session/run content from remote AgentOS servers that the agent reads and can use to influence subsequent behavior.