bom

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill's SKILL.md explicitly instructs the agent to query and ingest distributor and web content (see "Enriching with Distributor Data" and the lines "use the DigiKey API first ... Fall back to WebSearch" and "Always query current pricing via the digikey, mouser, and lcsc skills"), so it will fetch and interpret open third‑party webpages/APIs whose content can change ordering and sourcing decisions.