project-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly calls the public Karma API (e.g., https://gapapi.karmahq.xyz in "Looking Up Data" and the various action workflows) and requires the agent to read API responses to resolve UIDs, inherit chainId, and preserve/update fields, so untrusted user-generated project/grant data from that third‑party API could materially influence subsequent actions.