shape

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly directs the agent in Step 1 to "search beyond — GitHub repos, web results, documentation" and to summarize that research as part of its shaping decisions, so it will fetch and interpret open/public third‑party (potentially user‑generated) content that can influence actions.