first-ask

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly tells the agent to "perform project explorations, using available tools" and "If something needs web research, do that," which directs the agent to fetch and interpret open/public web content as part of its task and so could expose it to untrusted third‑party instructions (SKILL.md).