mirror

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly describes features that fetch and ingest arbitrary external URLs (e.g., _gs_fetch_abi(url, type) for ABIs, external handler transforms with user-provided "url" endpoints, and webhook sinks), which are untrusted third-party inputs the pipeline will read/interpret and whose responses can alter transforms/sinks and thus influence runtime behavior.