solution-architect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill's SKILL.md explicitly instructs the agent to "pull their company context (smartDigest with website_url)" (and repeatedly assembles context from smartDigest/smartRecall) which implies fetching and ingesting public third‑party websites to build prompt context that directly influences generation and actions, exposing the agent to potential indirect prompt injection from untrusted web content.