recallloom

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches a public advisory URL (support_advisory_url in package-metadata.json, e.g. the raw.githubusercontent.com release-advisory.json) as part of its package-support check (described in references/package-support-policy.md), and that external advisory is read at runtime to gate and block mutating helpers, so untrusted public content can materially change agent behavior.