llm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports loading and inserting arbitrary public web content into prompts (e.g., "llm -f https://llm.datasette.io/robots.txt" and "llm -t $URL"), plus plugins for loading templates from GitHub (llm-templates-github) and fabric/GitHub content, meaning the agent fetches and interprets untrusted, user-controlled third-party content as part of its workflow.