auto-benchmark

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly scrapes leaderboards (Phase 2.1) from URLs in competitive_registry.yaml and ingests open/public research and blogs (Phase 3.1: arXiv queries, competitor_blogs, citation tracking), and it uses that untrusted third-party content to drive hypothesis generation, experiments, and promotion decisions—so external content can materially influence agent actions.