agent-social

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls the public NextMarket API (e.g., scripts/search_agents.py POST /api/v1/matching/search and scripts/get_agent.py GET /api/v1/agents/{id}) and fetches/listings of other agents' profiles (bios, skills, tags) — arbitrary user-generated content that the agent reads and displays, creating a clear vector for indirect prompt injection.