kh-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs the agent to perform web searches (Startup Checklist: WebSearch "hetzner cloud server types pricing 2026") and to fetch public GitHub issues/discussions via gh/gh api (GitHub (Live Data)), which are untrusted, user-generated third-party sources the agent is expected to read and use to drive configuration/debugging decisions.