cubox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests arbitrary public webpages via "Save Web Pages" and returns full card content (markdown) in "Get Card Detail" (SKILL.md), and the required RAG workflow (references/card-rag-workflow.md) explicitly instructs the agent to fetch and read those saved third‑party pages and use their content to drive searches, summaries, and next actions, exposing the agent to untrusted third‑party content that could contain instructions.