kairos-bundle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches user-generated protocol markdown from the KAIROS API endpoints (/api/kairos_spaces and /api/kairos_dump) and also reads arbitrary .md files from a target directory for import (/api/kairos_mint/raw), so it ingests untrusted third-party content as part of its required workflow which can change system state and thereby influence subsequent actions.