cellcog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows cloud processing that "Searching for quantum computing research papers" and "I've analyzed 47 sources" (in the create_chat/progress/completion examples), which indicates the agent fetches and ingests open/public third‑party sources and uses them to drive its analysis and outputs, enabling indirect prompt injection risk.