icp-definition

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to source language by mining public, untrusted sources—e.g., "mine G2 reviews and community posts" and "Slack communities, Reddit" in the Language and Signal Map sections—so the agent would ingest and act on third-party user-generated content.