markdown-stylist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md lists allowed_tools including web_search, wikipedia, and fetch_url and explicitly states in "Tool Flow: write_file styled MD, fetch_url inspo"—showing the agent will fetch and read open web content for inspiration, which could be untrusted third-party pages whose content might influence its next actions.