write-context-rules

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Step 1 explicitly directs the agent to perform a "web search for the company name/domain (from nao_config.yaml)", so the skill requires fetching and interpreting public third‑party web content (untrusted) that can influence RULES.md and downstream actions.