rstack-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly fetches and parses public, operator-/user-generated surfaces (e.g., curl to https://$SUBDOMAIN.resolved.sh?format=json, /.well-known/agent-card.json, /posts, /courses, /llms.txt, /openapi.json and external registry checks) and uses that content to compute scores and drive recommended actions, so untrusted third‑party content can materially influence the agent's behavior.