rw-recipe-full-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Decision Tree explicitly instructs accepting public HTTPS URLs ("YES → Pass the URL directly to the API") and Phase 3 lists integrating documents for avatar domain knowledge, which clearly has the agent ingesting untrusted, user-provided web content/documents that can materially influence outputs.