ai-web-apps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly documents exposing and consuming public/web tool results (e.g., "query public data" in references/mcp-integration.md and the "Trust-tiering: tool outputs fetched from the public web are untrusted" guidance in references/output-guardrails.md and SKILL.md), which shows the agent will ingest untrusted third‑party content via MCP/tools and use that content in model/tool workflows.