quote0-dot-screen

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts (api_client.py calling https://dot.mindreset.tech/api/authV2 and callers such as scripts/list_tasks.py, scripts/device_status.py, and scripts/list_devices.py) fetch device tasks/status from a third‑party API and surface user-provided fields (message, title, icon, link, images) that the agent is expected to read/format, exposing it to untrusted third‑party content and potential indirect prompt injection.