facebook-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly ingests public, user-generated Facebook and other social/web content via the PostPlus hosted collection and discovery flows (see SKILL.md and internal/public-content/scripts/lib/public_content_common.mjs which calls runHostedCapabilityRequest with capability "public-content-collection" and discover_public_urls_with_mcp which builds web-search queries), so untrusted third-party posts/pages are fetched and then normalized/summarized as part of the workflow.