responding-to-notifications

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's "Queue Notifications" step explicitly fetches unread mentions/replies (saved to drafts/queue.yaml) from Responder V2 / comind/ATProtocol social feeds and instructs the agent to read the incoming messages (author, text) and draft replies, which is ingestion of untrusted user-generated third-party content and could enable indirect prompt injection.