daily-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow and scripts explicitly fetch and parse user-generated content from third-party sources—e.g., GitHub activity via gh API in scripts/get-activities.sh and Slack DM messages in the "Get Meetings from Google Calendar" section of SKILL.md—and the agent ingests and uses that content to compose and ultimately post a GitHub Issue, so untrusted content can influence behavior.