analyze

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary "URL to content" (see "Provide one of: URL to content" in SKILL.md), so it will fetch/ingest untrusted public web pages or user-generated content that the agent is expected to read and could carry indirect prompt injections.