designlint

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Audit Mode (see SKILL.md "Audit Mode" and "Step A1 — Capture What Exists") explicitly accepts a URL as an input/source and instructs the agent to read, document, diagnose, and act on the content of that page, meaning arbitrary public (untrusted) web content can be ingested and materially influence the agent's decisions and follow-up actions.