vastai-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows calls like vast.search_offers and SyncClient.search that fetch offers and related fields from the external Vast.ai marketplace (user/host-provided, third-party data) and the examples explicitly read and act on those results (selecting offers, creating instances, using returned ssh_url), so untrusted third-party content can influence subsequent actions.