synthesis-content-distribution

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly requires ingesting and analyzing arbitrary content URLs (e.g., "When given a content URL, produce a strategic brief" and "Read the article at the provided URL" in the Quick Start), so the agent will fetch and act on untrusted public web content which could contain instructions that influence its actions.