surface

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Discovery and Retrieval workflows (see agents/discovery-writer.md: "Validate all URLs" / llms-full.txt inlining and the instruction to "Test from agent perspective (curl + User-Agent header)") and the retrievability/browser scaffolding explicitly require fetching and ingesting public web pages and external documents, so the agent will read untrusted third‑party web content that can directly influence tool dispatch and next actions.