research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to perform live web and GitHub evidence collection and to read and synthesize those sources as part of the workflow (see SKILL.md description and Phase 2 "Collect evidence in priority order" plus references/channel-selection.md which direct use of "live web" and "GitHub"), so it ingests untrusted third-party content that could carry indirect prompt-injection instructions affecting decisions.