pinch-to-post

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and synthesizes content from the configured WordPress site and external captures (e.g., wp-pinch/get-post, wp-pinch/list-comments, wp-pinch/search-content, wp-pinch/site-digest, PinchDrop/web-clipper) as part of workflows like what-do-i-know, ghostwrite, and create-post, meaning untrusted/user-generated pages and comments from the target site can be ingested and materially influence agent actions.