printing-press-output-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 2) tells the agent to read /tmp/output-review-livecheck.json and inspect live_check.features[] (the sampled stdout) and explicitly allows invoking the CLI binary to gather more output, which means the agent ingests and interprets potentially untrusted, public web/user-generated content produced by the CLI—exposing it to indirect prompt-injection risks.