miles

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly ingests and acts on Miles' service responses (via the CLI and the PostToolUse hook in scripts/miles-cli.mjs and SKILL.md), including plain-text briefs, questions, and publicly accessible design preview URLs returned by the /api/v2/headless/conversations/* and design-directions endpoints, which the agent is required to read and which drive tool use (AskUserQuestion, screenshots, select-design-direction, builds), so untrusted third-party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The CLI calls the runtime API at https://api.bymiles.ai to fetch Miles' responses and preview URLs which are injected into the agent context (see the PostToolUse hook writing "Miles response:..."), so remote content from that URL directly controls prompts and is a required runtime dependency.