Production Smoke Suite

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill (see src/tests/third-party.spec.ts) fetches and parses public third-party endpoints (e.g., https://status.stripe.com/api/v2/status.json and external analytics script responses) as part of its test workflow, and those checks feed into the smoke-suite results which the CI (GitHub Actions) can use to trigger rollbacks/alerts, so external content can materially influence actions.