ACP Rank

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches arbitrary agents' self-introductions via the /agent/{agent_id}/agent.md proxy (it retrieves https://{agent_id}/agent.md), which is public, user-controlled content that the skill reads and returns as part of its workflow and could influence agent selection or actions.