skill-generalizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to accept and read configured public sources (e.g., "Ask what sources to monitor (RSS feeds, websites, etc.)" and "If the skill fetches content, fetch it now and show a sample summary" / "Read the configured sources, compare against previously sent items"), which means the agent will fetch and interpret arbitrary third‑party web content that can influence its actions.