smart-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md routing and the references (e.g., references/sources-social.md and references/*) explicitly direct the agent to run opencli against public, user-generated sites (twitter, reddit, weibo, xiaohongshu, google, etc.) and to read/interpret those live third‑party outputs as part of its workflow, exposing it to untrusted content that could inject instructions indirectly.