technical-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly tells the agent to fetch and inspect public web content (e.g., "git clone https://github.com/google/docsy-example" and "Reference Docsy's example site" in the "How can I do 'X' more like the Docsy example site?" section), so the agent would read and act on untrusted, third‑party repository/site content that could influence its actions.