harper-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's rules explicitly instruct creating Resources that fetch and ingest data from external third-party APIs (e.g., rules/caching.md shows fetch('https://api.example.com/items/${id}') and tables.MyCache.sourcedFrom(ThirdPartyAPI), and rules/vector-indexing.md calls external embedding services like OpenAI/Ollama), meaning untrusted external content is read and used to drive application behavior.