open-terminal-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs and API expose endpoints that fetch and execute untrusted web content—e.g., POST /files/upload supports a user-provided "url" to download arbitrary URLs, POST /notebooks/{id}/execute allows executing notebook "source" (override), and /proxy/{port}/{path} can forward HTTP traffic—so third-party content can be ingested and materially influence execution and subsequent agent actions.