skill-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's refinement workflow and references/sources.md explicitly instruct the agent to "check for updates", "fetch and summarize" and load external sources (e.g., GitHub releases, security advisories, blogs, YouTube/community links listed in references/sources.md and the Refinement Process), meaning the agent will ingest untrusted public web/user-generated content.