substracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly fetches and ingests data from an arbitrary SUBSTRACKER_URL (see fetch calls in scripts/client.ts: fetch(${cfg.SUBSTRACKER_URL}${endpoint})) and the workflow (SKILL.md and commands like subscriptions.get/list, config.get/update, dashboard.stats) requires the agent to read and act on returned, potentially user-generated fields (notes, webhook templates, config) — so untrusted third-party content can influence subsequent actions.