project-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's canonical pipeline and Case Study 1 explicitly instruct acquiring and parsing open web content (e.g., "Acquire: Fetch raw data from sources (APIs, files, databases)" and the Karpathy HN Time Capsule case: "Download HN frontpage via HTTP" and "Fetch comments via Algolia API"), which clearly ingests untrusted, user-generated third‑party content that the agent reads and uses to build prompts and drive analysis—enabling indirect prompt injection risks.