blog-post

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 2 "Research and gather sources" explicitly instructs the agent to "fetch URLs" and "read every source completely" (including pasted text), meaning it ingests untrusted open/public web content that will directly shape outlines and writing.