people-graph

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and identity-schema explicitly instruct querying Scry views (e.g., scry.entities, scry.person_aliases, scry.people) which ingest public/user-generated sources like Twitter, GitHub, LessWrong, HackerNews, Substack, etc., and the recipes use those retrieved bios/posts/profiles as evidence for identity resolution and downstream workflows—i.e., the agent is expected to read and act on untrusted third-party content from the open web.