tidbx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs fetching a public install script from https://raw.githubusercontent.com/tidbcloud/tidbcloud-cli/main/install.sh and requires running commands such as ticloud serverless region, ticloud project list, and ticloud serverless list whose outputs come from public TiDB Cloud endpoints (potentially user-provided names/fields) that the agent is expected to read and render, creating a vector for indirect prompt injection.