ln-001-standards-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's mandatory Phases 2–3 explicitly call mcp__Ref__ref_search_documentation with queries to retrieve RFCs, official docs and other web results (and records "MCP Ref search URLs" in Phase 6), meaning the agent fetches and ingests open/public third-party content which it must read and use to drive standards/pattern decisions—exposing it to untrusted external content that could carry indirect prompt injections.