christopher-manning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's frameworks (see SKILL.md and references/frameworks.md — e.g., "Interactive Linguistic Web Agent Loop" and "Unsupervised Open-Ended Goal Discovery") explicitly instruct an agent to ingest and interact with arbitrary websites via textual accessibility trees and to explore "any site that you show," meaning it fetches/reads untrusted third‑party webpages and uses their content to drive agent actions and learning.