auto-arena

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly collects and ingests responses from user-specified target_endpoints (e.g., arbitrary OpenAI-compatible base_url/api_key endpoints described under "target_endpoints" and "Collect responses — query all target endpoints concurrently"), so untrusted third-party model outputs are read and used to drive pairwise evaluations and final rankings.