dev-pain-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md "Step 2 — Parallel scraping" (and the Security notes) explicitly instructs TinyFish agents to fetch and ingest live posts from Reddit, Hacker News, dev.to, and GitHub Discussions and then uses those user-generated posts as input for theme grouping and product recommendations, so untrusted third‑party content can directly influence agent decisions.