gobi-onboarding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly asks for and automatically fetches/ingests content from user-provided homepages/blogs and arbitrary web pages (1-1 homepage/blog fetch, 1-2 web clippings with example external article links and Ingest/Clippings folder), and also includes a news-briefing feature that pulls public news/papers (2-1 and Post-boarding web clipper), so the agent will read and interpret untrusted third-party web content as part of its workflow.