bun-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md includes examples that fetch and ingest arbitrary public web content (e.g., "Read from URL" with Bun.file('https://example.com/data.json') and the "Data Pipeline" example using $curl -s https://api.example.com/data.json()), demonstrating the agent will read and act on untrusted third‑party content at runtime.