idea-ingest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to "Fetch the content" for links, articles, and tweets (e.g., "web fetch for articles, API for tweets") and to ingest and analyze user-shared URLs, meaning the agent will read untrusted public web and social-media content as part of its workflow that can change filing, analysis, and actions.