halo-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to call user-supplied Halo site APIs (e.g., POST {baseUrl}/apis/api.halo.run/v1alpha1/indices/-/search and GET {baseUrl}/apis/api.content.halo.run/v1alpha1/posts/{metadataName}) to fetch and parse public site posts and content (user-generated, untrusted) which the agent reads and uses to drive results and follow-up actions.