bearblog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly navigates to and evaluates public Bear Blog pages (e.g., https://.bearblog.dev/dashboard/posts/... and https://bearblog.dev/), including steps that read post header/body and list posts via evaluate/snapshot in examples/browser-api-reference.md and post-workflow.md, thereby ingesting untrusted, user-generated blog content that could contain instructions influencing subsequent actions.