context-engineering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to load and interpret "retrieved documents" and "web links" and to "cross-reference with documentation or web search" (see the "Retrieved Documents" section and the verification workflows), meaning it will ingest arbitrary public web content as part of its workflow and could therefore be exposed to indirect prompt injection.