nostr-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly connects to public Nostr relays (e.g., SimplePool.subscribeMany / pool.querySync and Relay.connect to wss://relay.damus.io, nos.lol, etc.) and receives/parses user-generated events and profile content from those relays, so it ingests untrusted third-party content the agent would read.