marketing-referral

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly defines "Context C -- Live Website URL / Audit Mode" and instructs the agent to "audit the live flows first" and "use the site as the current source of truth," which requires fetching and interpreting arbitrary public live website content provided at runtime — a clear vector for untrusted third-party content to influence the agent's decisions.