neta

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs routing to sub-skills that fetch and browse community content (e.g., "Community browsing and interactions: neta-community" with duties like "Fetch interactive recommendation feeds", "View collection details", and "Browse community content"), which are user-generated/open feeds the agent would read and act on and thus could carry indirect prompt-injection content.