craft-site

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to "Use WebFetch on specific doc pages" (e.g., craftcms.com and twig.symfony.com links listed in the Documentation section), meaning the agent will fetch and interpret content from public third‑party websites as part of its workflow, which could allow indirect prompt injection.