product-hunt-launch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs using infsh apps like tavily/search-assistant and exa/search (e.g., "infsh app run tavily/search-assistant --input '{ "query": "Product Hunt top launches this week SaaS tools" }'") to fetch and research public Product Hunt/community web content, meaning the agent will ingest untrusted third‑party pages and summaries that could contain malicious instructions influencing decisions.