ghost-blog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts (e.g., ghost_core.api_request called from posts_browse.py, posts_crud.py, posts_bulk.py and tags_manage.py) fetch posts, tags, newsletters, and HTML content from a configured GHOST_URL (the Ghost Admin API) — i.e., arbitrary blog content/user-generated data — and the agent reads and acts on that content (filters, searches, bulk updates, publish/unpublish decisions), so untrusted third‑party content can materially influence behavior.