dont-be-greedy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes arbitrary user-uploaded or user-referenced files (see "When a user uploads or references a data file" in SKILL.md and scripts like scripts/quick_inspect.py, scripts/chunker.py, and scripts/summarize.py which open and read arbitrary file paths), so untrusted user-generated content will be read and summarized as part of the workflow, enabling indirect prompt injection risk.