create-grant-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Finding the Grant UID" workflow explicitly fetches project and grant data from the public Karma API (e.g., ${BASE_URL}/v2/projects?q=... and /v2/projects/.../grants) and instructs the agent to read and use project/grant details (titles/text) to choose a grant and generate update content, so untrusted user-generated content from those endpoints could influence agent decisions.