work

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's DISCOVER workflow explicitly runs a "Search (background)" and uses commands like lev get "{kw}" --scope=all --depth=research and "online search" (and prior-art checks such as br/cass/lev get) to fetch external/public content, which the agent is required to read and fold into guard scoring, research, and proposal/spec decisions — so untrusted third-party web content can materially influence tool routing and actions.