last30days

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly runs a research script that fetches public Reddit, X, YouTube, TikTok, Instagram, Hacker News, Polymarket and web content (e.g., "The script will automatically: ... YouTube transcripts, TikTok captions, Instagram captions, HN comments"). It then requires the agent to synthesize and follow those findings (e.g., "If research says to use a specific prompt FORMAT, YOU MUST USE THAT FORMAT"), so arbitrary, user-generated third-party content can directly influence tool use and next actions.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Mar 10, 2026, 04:49 PM