hackathon-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md directs autonomous agents to fetch and scrape public listings from Devpost, MLH, Luma, and Eventbrite (e.g., the tinyfish agent runs against those public URLs) and then read and interpret user-generated event descriptions to score and recommend hackathons, which lets untrusted third‑party content materially influence the agent's decisions and recommendations.