haveibeenpwned

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly calls public HaveIBeenPwned API endpoints (e.g., GET /breaches, /latestbreach, /pasteaccount/{email}, /breacheddomain/{domain} and https://api.pwnedpasswords.com/range/{prefix}) and ingests JSON/text from public breaches, pastes and stealer-logs—untrusted, user-generated sources—that the agent is expected to read and interpret as part of its workflow.