continuous-learning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Step 2: Research Best Practices" (and related sections) explicitly instructs the agent to search the web, review top results, and add cited source URLs—requiring it to fetch and interpret public third-party webpages as part of the mandatory extraction workflow, which could allow indirect prompt injection from untrusted web content.