NYC

skill-coach

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill includes explicit examples and tool patterns that fetch and consume external public APIs and web content (e.g., the GitHub MCP examples in references/mcp_vs_scripts.md, the MCP/GitHub API tools in references/self-contained-tools.md, and the subagent example requiring WebSearch/WebFetch in the Subagents section). These indicate that the agent workflows are expected to read third-party public content and could therefore be exposed to untrusted, user-generated data.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 08:58 PM