atk-ux-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses untrusted, user‑generated content from public sites — e.g., Reddit JSON API calls shown in SKILL.md and implemented in scripts/atk_research.py, firecrawl scrapes of App Store/Google Play, and Trustpilot/BBB scrapes and Exa web searches — and then ingests and synthesizes those results into reports and next actions, which could allow indirect prompt-injection from third-party content.