doppel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to call public hub and space endpoints (e.g., GET {baseUrl}/api/spaces, GET {serverUrl}/api/chat, GET {serverUrl}/api/agent/mml as shown in SKILL.md) to fetch space listings, chat history, and MML content that are user-generated and directly consumed by the agent during join/chat/build flows, so untrusted third-party content could carry instructions that influence the agent's actions.