community-skill-radar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and parses user-generated Reddit content from Reddit's public JSON API (see fetch_subreddit/fetch_search in radar.py and SKILL.md's note about reddit.com//search.json), and it uses those untrusted posts/comments to extract pain points and score proposals that drive actions and decisions—creating a clear path for indirect prompt-injection via third-party content.