skill-refiner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill-refiner workflow explicitly runs behavioral tests from references/test-cases.md in Phase 1 (SKILL.md Phase 1 step 6 and references/test-cases.md), which include prompts that instruct agents to fetch and scrape public websites (e.g., the "browse" test cases that read Tailwind docs and scrape product pages like https://example-store.com/products), so the agent will ingest untrusted, user-controlled web content and use it to influence scoring and improvement actions.