colosseum-copilot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to perform real-time web searches ("Web Search" in references/api-reference.md and multiple steps in references/workflow-deep.md), query The Grid GraphQL endpoint (references/grid-recipes.md) and fetch public archive documents via /search/archives and GET /archives/:documentId (SKILL.md and references/*), all of which ingest open/public third-party content that the agent must read and use to drive analysis and next actions, creating a clear avenue for indirect prompt injection.