aws-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md core workflow explicitly tells the agent to fetch URLs provided in questions and to "search the web using DuckDuckGo tools for community comparisons, benchmarks, or recent announcements," meaning the agent will ingest and interpret untrusted public/user-generated web content (forums, blogs, etc.) as part of its required workflow, which could materially influence its outputs and enable indirect prompt injection.