newsletter-curation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md's Content Sourcing and Quick Start explicitly instruct the agent to run belt app searches (e.g., tavily/search-assistant, exa/search) and to pull content from public sites including reddit, Twitter threads, and other web pages, meaning the agent ingests untrusted user-generated web content that it must read and use to drive curation decisions—creating potential for indirect prompt injection.