subway-info

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill regularly fetches and parses live responses from the public API at https://subwayinfo.nyc (see scripts/arrivals.sh, trip.sh, alerts.sh and the SKILL.md REST examples), and it extracts and uses returned .content[0].text (e.g., to resolve station IDs and drive follow-up API calls), so untrusted third-party responses can materially influence tool behavior.