contract-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "How to Use" step explicitly allows the user to provide a contract via a URL, so the agent may fetch and analyze arbitrary public web pages/third-party URLs as part of its workflow (SKILL.md, "User provides contract text (paste, file, or URL)"), enabling untrusted content to influence decisions.