holmesgpt-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill includes integrations that ingest public/untrusted content (notably the "internet" toolset/web search, GitHub integration for issues/PRs, and custom toolsets that can curl arbitrary URLs), and the agent is expected to read and analyze those external pages/issues as part of its investigation workflow, which can enable indirect prompt injection.