spark

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 4 explicitly requires running the bundled Tavily search tool (./spark/tools/tavily-search "<query>") which returns JSON including content scraped from public websites/marketplaces (e.g., Gumroad) and the agent is instructed to parse that untrusted, user-generated third-party content to inform idea selection and market/research decisions.