websh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the skill explicitly fetches and ingests arbitrary public web pages and user-generated content (via cd <url>, eager prefetch/crawl, and background haiku extraction that writes .websh/cache/{slug}.html and .parsed.md), citing examples like news.ycombinator.com and x.com and thereby having the agent read and interpret untrusted third‑party web/forum/social content as part of its workflow.