audit-typography

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the agent to query the public Fonttrio MCP server (via search_pairings/preview_pairing) and to fetch pairing JSON from https://www.fonttrio.xyz/r/{pairing-name}.json, which are open third-party sources whose content the agent would read and use to decide/install pairings.