competition-bundle-sourcemap-recovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md explicitly requires ingesting and interpreting served web artifacts (e.g., "Start from the served artifact set: entry HTML, build manifest, bootstrap bundle, chunk map, and source maps"), which are untrusted third‑party web content and are used to drive reconstruction and next actions.