risc0

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's composition and proving workflows explicitly instruct ingesting external receipts and remote proof results (e.g., ExecutorEnvBuilder::add_assumption / guest env::verify in references/features-composition.md and remote proving via Boundless in references/features-proving-options.md), which are untrusted third-party artifacts the agent reads and that materially influence proof resolution and subsequent actions.