falco

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md and the included references explicitly instruct the agent to clone and read the public Falco GitHub repository (git clone https://github.com/ysugimoto/falco.git) and also support fetching remote snippets from the Fastly API (-r/--remote), meaning the agent will fetch and interpret untrusted, public third‑party content as part of its workflow.