lev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly retrieves and injects external/public content (e.g., "lev get" with --depth=research / "lev://research", and protocol handlers like workshop://intake/github and workshop://intake/youtube) into the agent's runtime context and uses those results to route actions and state transitions (see Workflows and Protocol Handler Resolution), so untrusted third‑party content can influence decisions and tool use.