social-media-posts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Gather Input" workflow explicitly says "If the user provides a file path or URL to existing content, read it first and extract the key messages," meaning the agent will fetch and interpret arbitrary user-supplied/public web content (e.g., blog posts) which can materially influence generation and thus enables indirect prompt injection.