ontopo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill directly queries Ontopo's public API (https://ontopo.com/api) in scripts/ontopo-cli.py (endpoints like /venue_search, /slug_content, /availability_search) and ingests/displayes live venue pages, menus and user-provided content from the open web, which the agent reads and interprets as part of its workflow—exposing it to untrusted third-party content and potential indirect prompt injection.