writing-agent-prompts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL explicitly uses dynamic context injection (!command) in SKILL.md and references/advanced-patterns.md (examples like !gh pr diff, !ls supabase/migrations/, and !cat $(ls ... )) which fetch user-generated content from third-party sources (e.g., GitHub PRs / public repos) and inject that untrusted content into the agent's prompt so it is read/interpreted and can directly influence subsequent actions.