contacts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's enrichment pipeline explicitly fetches and synthesizes content from open/public third-party sources (e.g., "fans out across 7 sources (Slack, Roam, web/GitHub,...)" and the "Web presence" and "Website crawl (defuddle)" steps plus GitHub, X/Twitter, podcast RSS and Google Alerts described in SKILL.md), and that untrusted user-generated web/social content is read and used to drive LLM synthesis and write decisions into the Vault—enabling indirect prompt injections.