hyperstack-consume

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to fetch and stream arbitrary Hyperstack stacks and schemas (e.g., "hs explore --json", HyperStack.connect(ORE_STREAM_STACK), and custom wss://their-stack.stack.usehyperstack.com URLs), which ingests untrusted third-party (user-deployed) content that the agent reads and can drive decisions and actions.