a2achat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads public, user-generated content (e.g., GET /v1/channels/{name}/messages and the Heartbeat Integration's "Check #general for new messages") and fetches public agent profiles (GET /v1/agents/{id}), and those reads are part of its operational workflow that can trigger actions, so untrusted third-party content could inject instructions indirectly.