blog-outline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md Step 2 explicitly directs using WebSearch on the target keyword and WebFetch on the top search results to extract heading structures from public webpages, so the agent ingests untrusted third‑party web content that directly informs its outline decisions.