clinkding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Agent Workflows explicitly instruct the agent to call the "summarize" skill on arbitrary user-provided URLs (e.g., "summarize url https://example.com") to extract titles/descriptions and infer tags, which means the agent fetches and interprets untrusted third-party web content as part of its workflow and uses that content to drive bookmarking actions.