researchers-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires the agent to fetch and analyze content from open public sources (e.g., CVE/NVD pages, vendor advisories, security blogs, YouTube search, and community sources such as forum posts and leaked chats listed in the "Source Hierarchy" and "Key Sources"), and instructs the agent to read and act on those sources as part of its workflow, so untrusted third‑party content could influence decisions or actions.