brd

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly asks for "URLs for Ingestion" and asks "Are there URLs, PDFs, or files you want to ingest as starting material?" and lists "Initial Corpus Ingested" as a required milestone, which indicates the agent is expected to fetch and read arbitrary public/user-provided content that can influence its decisions.