schema-markup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Generation Process explicitly says "If the user provides a URL, fetch it to extract data," which means the agent will retrieve and parse arbitrary user-provided/open-web pages (untrusted third-party content) as part of its workflow, enabling indirect prompt injection.