x-knowledge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and read open/public third‑party content (e.g., Hacker News via "x hn", Stack Exchange via "x se", DuckDuckGo via "x ddgo --ai", Wikipedia via "x wkp extract", and Project Gutenberg via "x gtb txt"), which are untrusted/user‑generated sources the agent is expected to read and summarize/use — enabling indirect prompt injection into decision-making.