quarto-authoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow points to references/extensions.md (listed under "Find and use extensions" in SKILL.md) which explicitly shows installing community extensions from GitHub or arbitrary URLs and shortcodes that embed social media (e.g., tweets, YouTube) — clearly exposing the agent to untrusted, user-generated third-party content that can change rendering behavior and tool use.