ashby

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The CLI explicitly fetches user-generated candidate notes, application history, feedback, and interview schedules from the Ashby API (see src/ashby-api.ts and the "ashby application feed" flow in SKILL.md/README which calls candidateListNotes, applicationListHistory, applicationFeedbackList, etc.), and that untrusted third‑party content is parsed and used to build feeds that can materially influence subsequent decisions or mutations (e.g., stage changes), so it could enable indirect prompt injection.