research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to perform web search and to read public GitHub READMEs and LinkedIn/company pages (see the "Web Search", "GitHub", and "LinkedIn" sections), which are untrusted, user-generated third‑party sources that the agent must interpret and use to drive portfolio and design decisions.