productlane

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md includes curl examples that fetch public, user-generated content (e.g., /api/v1/threads, /api/v1/docs/articles, /api/v1/projects and /api/v1/issues on productlane.com) — some endpoints are explicitly public and return HTML/Markdown feedback or portal posts that the agent is expected to read and could influence actions (messages, upvotes, updates), allowing indirect prompt injection.