wendy-lite

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly describes fetching WASM binaries via WiFi/HTTP ("Uploading WASM Binaries" — HTTP download after WiFi provisioning) and the references include a Swift HTTPS example (references/swift-sdk.md connecting to httpbin.org), so the agent's workflow can ingest and execute untrusted third-party content from arbitrary web endpoints.