research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and ingest public third‑party content — e.g., GitHub repo searches, public APIs (https://github.com/public-apis/public-apis, RapidAPI), Kaggle/Data.gov datasets, and targeted web scraping of sites — so the agent will read/interpret untrusted open-web/user-generated content and could be exposed to indirect prompt injection.