discord

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to read and fetch Discord messages (e.g., the "readMessages" and "fetchMessage" actions, including accepting messageLink URLs) which are user-generated/untrusted third-party content that the agent will interpret as part of its workflow, allowing those messages to materially influence subsequent actions.