skill-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow (step 6) and accompanying scripts (scripts/run_loop.py and scripts/run_eval.py) explicitly ingest an eval_set JSON (--eval-set ) of arbitrary queries and then pass those user-provided queries and failure summaries into scripts/improve_description.py (which builds prompts to call Claude and modifies the skill description), so untrusted third‑party/user-generated content is read and directly used to drive model decisions and subsequent tool actions.