halo-cli-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly runs searches against public Halo sites (e.g., “--url targets a public Halo site directly”) and instructs using --json when another tool should parse results, so untrusted user-generated site content would be ingested and could influence subsequent tool actions.