toon

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs piping API responses and other command output into the tool (e.g., "curl ... | toon" and "Always when fetching JSON APIs"), meaning the skill routinely ingests JSON from open/public third‑party APIs which could contain untrusted, user‑controlled content that might influence downstream decisions.