learn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly ingests external sources — e.g., SKILL.md Phase 3 ("For URLs → use WebFetch" and "Teach FROM the source content") and the README ("Point it at any source material: PDFs, docs, markdown files, URLs and web pages") — meaning untrusted public web pages and user-provided URLs are read and used to drive teaching, quizzes, and scheduling, which could permit indirect prompt injection.