ljg-xray-article

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md Step 1 explicitly requires fetching article content from user-provided URLs using WebFetch, and the required workflow then reads and interprets that untrusted third-party content (the four-layer analysis and subsequent generated actions/files), so malicious content could influence the agent's analysis or outputs.