llm-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 (Step 2) explicitly requires using the web_search tool to fetch and reference public web sources ("Search for evidence" / "Reference evidence with source URLs"), so the agent ingests and acts on untrusted third‑party webpages to determine verdicts and drive revisions.