anycap-blog-production

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and requires processing of user-supplied URLs or "crawled notes" as part of its core brief-building workflow (see SKILL.md "The user may feed: ... URLs" and references/input-brief.md "Accepted Input Types: ... URLs or crawled notes"), so the agent is expected to ingest and act on untrusted public web content that could carry indirect prompt injections.