heartbeat-cron

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill instructs the agent to fetch and parse untrusted public web content as part of its workflow (e.g., curl to Hacker News API and arbitrary changelog/release URLs, web searches, use of WebFetch/agent-browser/pi-browser and user-provided URLs), so the agent will read and interpret third-party/user-generated content that could carry indirect prompt injections.