continuous-learning-v2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI explicitly fetches arbitrary HTTP/HTTPS URLs in scripts/instinct-cli.py (cmd_import uses urllib.request.urlopen) and the SKILL.md exposes the /instinct-import command, and imported instinct files are written into the inherited instincts directory and later loaded/used by the observer/evolve logic—so untrusted third‑party web content can be parsed into instincts that materially influence agent behavior.