ontopo

Warn

Audited by Snyk on Mar 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). This skill's CLI and client code (scripts/ontopo-cli.py) explicitly query Ontopo's public API (BASE_URL = https://ontopo.com/api) and SKILL.md states it "queries APIs that power the website", so the agent ingests live third‑party venue/menu/availability data that it parses and uses to drive recommendations, booking links, and automated checks—meeting the criteria for untrusted external content that can influence actions.

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Mar 13, 2026, 01:16 PM
  • Issues: 1