runninghub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the AI Application flow (references/ai-application.md) requires calling runninghub_app.py to list/browse user-created RunningHub AI apps and to fetch each app's node info (via "--list" and "--info WEBAPP_ID"), which ingests untrusted, user-generated third-party content (app titles, descriptions, node fieldValues/descriptions) that the agent must read and which directly determine subsequent --node/--file execution arguments.