ai-summary-request

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "STEP 1: Generate llms.txt" and prompt templates explicitly instruct the agent to inspect and crawl public site content (e.g., "Inspect any available XML or HTML sitemaps... Verify that all URLs return HTTP 200") and to "visit and analyze ${WEBSITE_URL}", meaning the agent will fetch and interpret untrusted public third‑party website content as part of its workflow.