project-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs an "acquire" stage to fetch raw data from sources and includes an Example ("Batch Analysis Pipeline (Karpathy's HN Time Capsule)") that fetches and analyzes 930 Hacker News discussions — clearly public, user-generated content that the agent is expected to read and analyze as part of its workflow.