wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes arbitrary web and crawl/scraped content (see references/plugins.md "Web Clipper" which saves web articles to .raw/ and references/modes.md Mode A listing "crawl exports, scraped pages"), and SKILL.md's ingest/query operations tell Claude to read the index and drill into source pages, so untrusted third-party content would be read and could materially influence agent actions.