glitchtip

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs fetching and using data from public GlitchTip endpoints (e.g., "Discover Org & Project Slugs" with curl to https://<GLITCHTIP_DOMAIN>/api/0/projects/ and downloading https://glitchtip.com/assets/docker-compose.sample.yml), meaning the agent is expected to ingest and act on untrusted third‑party instance content that can materially change subsequent tool use or decisions.