building-glamorous-tuis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes explicit examples that fetch and render arbitrary public URLs (e.g., "glow https://raw.githubusercontent.com/.../README.md" and "glow stash https://example.com/article.md") and shows rendering that content in TUIs (glamour.Render / viewport.SetContent and chat rooms over Wish), so it clearly ingests untrusted, user-generated third‑party content that the agent/app is expected to read/interpret.