project-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's canonical "acquire" stage and the Karpathy HN Time Capsule case study explicitly fetch public web content (HN frontpages, article HTML and Algolia comments) and feed that untrusted, user-generated content into LLM prompts for analysis, which can materially influence agent actions and enable indirect prompt injection.