Art

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to ingest external content/URLs (e.g., "Invoke the StoryExplanation Skill with: 'Create a 24-item story explanation for this content'" and "/cse [paste the content or URL]" in Workflows/Essay.md and Workflows/Mermaid.md) and to "read the full blog post…or URL", which means the agent will fetch and interpret arbitrary public/user-provided web content (untrusted third‑party) as part of its workflow.