site-publisher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and ingests site files from published sites (via the "python3 scripts/site_api.py download {brand} {site-name}" command and the GET /sites/{brand}/{name}/files admin API described in references/publish-guide.md), which can contain untrusted, user-uploaded HTML/JS/assets that the agent may read or modify and thereby influence subsequent actions.