validating-cors-policies
Warn
Audited by Snyk on Mar 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly describes fetching CORS headers from a specified API endpoint (Example 2 / "How It Works"), meaning it ingests arbitrary third-party URLs and interprets that content as part of its validation workflow, which could allow indirect prompt-injection from untrusted web sources.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).