hz-vrc-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly directs the agent to open and inspect public app website/support/privacy policy URLs (see VRC.Publishing.1 in references/vrc-test-plan.md and the Data Use Checkup/privacy policy checks in SKILL.md), meaning it must fetch and interpret arbitrary public developer webpages whose content can change pass/fail decisions.