implementation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's MCP patterns and examples explicitly instruct the agent to fetch and read external public sources (e.g., mcp_call("github", "get", ...), mcp_call("web-search", ...), and mcp__browser__ tools shown in references/mcp-usage.md and async-parallel-operations.md), so the agent would ingest untrusted third-party web content as part of its workflow.