anyone-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs automated WebSearch and ingests public/user-generated sources (e.g., "Public figure / Historical figure" and "Fictional character" in SKILL.md which state "Will search the following automatically via WebSearch" and "WebSearch → character wiki (Fandom / IMDB / game databases)"), and it requires the agent to read and incorporate that third‑party content into the persona extraction and persona.json/skill generation pipeline (Phase 3 → Phase 6), so untrusted web content can directly influence agent behavior.