scry-people-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The skill's SKILL.md explicitly instructs the agent to query public Scry corpora (e.g., SELECT from scry.mv_high_score_posts and scry.entities, scry.search_ids) which contain user-generated content from open sites (lesswrong, eaforum, hackernews, twitter/X) and to interpret/rerank those results and lift them to authors, so untrusted third-party content is fetched and directly influences the agent's decisions and actions.