daily-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md Steps 2–4 require calling Gitee MCP Server APIs (list_user_notifications, list_repo_pulls, list_repo_issues) to fetch unread notifications, PRs, and issues—user-generated, public content the agent reads and uses to prioritize and decide actions, so it can convey untrusted instructions that influence behavior.