agent-on-demand-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Session resources (GitHub repos)" section and the curl examples show that POST /sessions accepts arbitrary public GitHub repository URLs which are cloned into the Sprite and used (e.g., "summarize the README"), so the agent will fetch and interpret untrusted third‑party content that can materially influence its outputs and actions.