piracy-handler
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill reads untrusted capture_results from an external Supabase REST endpoint (scripts/data/result_source.ts, using SUPABASE_URL / capture_results). The detect pipeline (scripts/detect/runner.ts -> scripts/detect/core.ts) then consumes those rawRows directly to decide hits and trigger downstream actions (create_subtasks/upsert_webhook_plan), as described in SKILL.md, so third-party content can materially influence decisions.
Audit Metadata