rule-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Research Gate" section explicitly requires using Exa (mcp__Exa__web_search_exa) and direct WebFetch calls to arXiv (public web URLs) to gather research, so the agent will fetch and interpret untrusted public web content as part of its required workflow, enabling indirect prompt injection.