layered-rails

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's ActiveAgent examples (references/gems/active-agent.md) define tools like search_web (calling WebSearchService.search) and read_url (calling UrlReaderService.read(url)), which instruct the agent to fetch and ingest arbitrary web search results and URL content — untrusted public/user-generated sources the agent would read and summarize.