ctf-forensics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md explicitly instructs fetching and using open-web data (e.g., the "Bitcoin Tracing" entry pointing to the mempool.space API and other sections showing tools that crawl/fetch web targets like gitdumper/cewl and macvendors lookups), so the agent is expected to ingest and interpret untrusted public third-party content as part of its workflow which could materially influence follow-up actions.