presentations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires the agent to perform batch web searches (image-search, web-search), "scrape key pages for detail" via scrape-webpage, and download images from arbitrary URLs (curl in Phase 3), so the agent ingests and acts on untrusted public web content that can materially influence design and subsequent tool actions.