convention-over-configuration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Before Applying" section explicitly instructs the agent to "use context7 MCP or web search" for framework-specific details, which requires fetching and interpreting open/public web content (untrusted third-party sources) that could influence decisions and tool use.