shortio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill makes authenticated curl calls to the third‑party Short.io API (e.g., GET /api/links, /links/expand, /api/domains, /domains/{id}/link_clicks) and surfaces fields like originalURL/shortURL and titles returned by Short.io, which are untrusted/user-generated endpoints and content the agent is expected to read/interpret.