moai-cc-skill-factory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and supporting docs (e.g., INTERACTIVE-DISCOVERY.md and EXAMPLES.md) explicitly instruct automated WebSearch / web research and fetching of external URLs (examples include docs.pytest.org and realpython.com) and state that "WebSearch findings INFORM the Skill," meaning the agent ingests untrusted third‑party web content and uses it to drive generation/decisions.