honcho-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and uses user-generated conversation data from Honcho (via peer.chat, session.context(), and the query_user_context tool described in SKILL.md and implemented in references/bot-frameworks/nanobot/session.py and honcho_tool.py), and injects those results into agent prompts or tool decisions, so untrusted third‑party content can influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls Honcho via its SDK at runtime (peer.chat() and session.context()) to fetch user-context that is injected into system prompts, so external content from Honcho (see https://app.honcho.dev and https://docs.honcho.dev) directly controls agent prompts.