blog-draft

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts user-provided "Resources: URLs, files, or references" and in "Setup & Research" instructs the agent to "for each resource, fetch/read and save summaries to resources/source-N-name.md", so it will ingest and interpret arbitrary public/third-party URLs.