ntfy-notifications

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md explicitly shows subscribing/fetching message streams (e.g., "Subscribing (receiving)" with curl to https://ntfy.example.com/my-topic/sse and JSON endpoints) and examples of messages with click/actions containing URLs (the "With actions (buttons)" example), which are untrusted, user-generated third-party content the agent would read and that could include actionable instructions.