first-1000-users

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests user-generated content from public sources — e.g., SKILL.md and reddit_search.py/Phase 2 (“Search Reddit via API…”), Phase 3 (“READ entire thread (OP + all replies)”) and slack_monitor.py — and uses those threads/messages to drive scoring, DM/reply decisions and draft generation, so third‑party posts could inject instructions that materially change agent behavior.