hatchet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows a workflows/api-sync.ts example that does fetch(apiEndpoint).then(r => r.json()) (ingesting arbitrary external API/URL data) and the Examples section describes "scrape data → process → generate report", which means untrusted public web or API content is read and used to drive downstream workflow/LLM actions—allowing indirect instruction injection.