keriox
Warn
Audited by Snyk on Feb 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows runtime OOBI resolution and transport calls that fetch and parse arbitrary LocationScheme/OOBI URLs (see Transport::request_loc_scheme, Transport::resolve_oobi, DefaultTransport GET /oobi/{eid}, and ControllerConfig.initial_oobis in the Component Startup Checklist). The agent will therefore retrieve and interpret untrusted public third-party web content, which can influence actions such as resolving identities, adding watchers, and processing events.