yc-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to fetch and parse public JSON from https://yc-oss.github.io/api/ (see Step 3 "Base URL" and references/api_reference.md) and to read fields like one_liner and long_description from companies/*.json — untrusted public text that the agent interprets and uses to drive summaries, filters, and next actions.