structured-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's instructions explicitly treat $ARGUMENTS as a URL to fix and include steps that fetch/inspect public sites (e.g., "If $ARGUMENTS is provided, interpret it as the URL to fix" plus example verification using curl and re-scans at isagentready.com/Google Rich Results Test), so the agent is expected to read and act on arbitrary third-party web content which could carry untrusted instructions.