continuous-learning-v2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's import command (scripts/instinct-cli.py cmd_import) fetches arbitrary http(s) URLs via urllib.request.urlopen and parses/writes those external "instinct" files into the inherited instincts directory (also surfaced in SKILL.md as /instinct-import), meaning untrusted web-hosted content is read and can change the agent's instincts and therefore its subsequent decisions and tool behavior.