write-swarm-client

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md shows the client reading dataset items from public sources (e.g., RouterTaskReader with huggingface_dat_repo / LOCAL_DATASET_PATH) and then using task.main_query/task.metadata as inputs sent to the agent and LLM (execute_agent examples), so untrusted, user-provided dataset content from third-party repos can directly influence model prompts and downstream actions.