complete-milestone

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches project, grant, and milestone JSON from the public Karma API (BASE_URL /v2/projects and /v2/projects/…/grants) and parses that user-generated/untrusted data to select milestone UIDs that the agent will act on, so third-party content can materially influence subsequent actions.