review-core

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly requires capturing web.run citations and an evidence appendix that includes URLs (see "Step 3 – Capture Evidence" and "Step 4 – Structure Deliverables"), indicating the agent will fetch and read open/public web content as part of its review and thus could be exposed to untrusted third-party instructions.