ctf-osint

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and interpret untrusted, user-generated public content from open web sources—e.g., BlueSky public API endpoints, Twitter/X/Nitter/Wayback archives, Tumblr avatars/pages, Google Maps user-submitted photos, Strava activities, GitHub issue comments, Overpass Turbo/OSM queries, and Telegram/Discord endpoints—as part of its workflow (see SKILL.md and social-media.md), and those third-party contents are used to decode steganography, extract flags, or drive follow-up actions, creating a clear risk of indirect prompt injection.