fracfocus

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests public, operator-submitted FracFocus registry data from fracfocus.org (see SKILL.md API endpoints like https://fracfocus.org/api/api and bulk download URLs in SKILL.md/references/python_example.py), and the agent is required to parse and use that untrusted third-party disclosure content to produce summaries and drive decisions, so external content could indirectly inject instructions or materially influence behavior.