pillar-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's docs (AGENTS.md) include an add_source tool with a url field and describe query/external_link tool types and "How Tools Work" (the AI calls tools that fetch/return data), which shows the agent will ingest arbitrary external URLs/public sources and use their results for further reasoning—exposing it to untrusted third-party content.