one-pager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly instructs the agent to fetch and extract brand assets from arbitrary websites ("extract from my website" with "browser-use tier, WebFetch tier") and to search/list resources that include URLs (see Step 2 and Step 3 in SKILL.md: use of search_resources / list_resources and brand extraction), so it ingests untrusted third‑party web content which the agent must read and use to shape messaging and next actions.