update-project

Warn

Audited by Snyk on Mar 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches project data from the public Karma projects API (see "Finding the Project UID" curl to ${BASE_URL}/v2/projects) and instructs the agent to "fetch the current details first" to merge updates, meaning untrusted/user-provided project content from the third-party API is read and used to determine subsequent actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 09:26 PM