tool-selector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly lists "Web search" for "current info, external sources" and Example 1 shows "Web search x3" with results cached and used by later steps, so the agent will read and act on open web content (public/untrusted) that could carry indirect prompt instructions.