felo-livedoc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts arbitrary public URLs via the "add-urls" command (see SKILL.md and scripts/run_livedoc.mjs case 'add-urls'), which are ingested by the backend and later returned in retrieval results (scripts/run_livedoc.mjs 'retrieve' / formatRetrieveResult) that the agent reads and can act on, exposing it to untrusted third‑party content that could contain injected instructions.