ref-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow and references/ref-skill.md explicitly call mcp__Ref__ref_search_documentation (which "search[es] public docs by default") followed by mcp__Ref__ref_read_url to fetch and read exact returned public documentation URLs, meaning the agent ingests third‑party web content that can influence its actions.