pcp-engine

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts "EXISTING COPY: (for audit/refine modes — paste URL or text)" and states "If the user provides a URL or existing copy, switch to audit mode automatically" and then requires the agent to read and audit that page (Audit Mode tests and audit_report with url_or_title), meaning it will ingest and act on arbitrary public URLs/user-provided web content.