you-can-book-me

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to run actions and proxy arbitrary API requests to You Can Book Me (see "Running actions" and "Proxy requests" sections), which causes the agent to fetch and process third-party/user-generated booking data (booking form fields, notes) that could contain untrusted instructions.