comind-cognition

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and displays public, user-generated ATProtocol records by calling the PDS xrpc com.atproto.repo.listRecords/getRecord endpoints (see the README curl example and the scripts/cognition.py _list/cmd_list/_get functions), so it ingests untrusted third‑party social content and prints/interprets those records as part of its workflow.