content-semantics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and analyze arbitrary public webpages (e.g., curl -s https://example.com and "If $ARGUMENTS is provided, interpret it as the URL to fix"), so the agent would ingest and act on untrusted third‑party site content.