saccoai-proposal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly triggers saccoai-website-analysis on an arbitrary target URL (Phase 1 Step 1a) and then reads/uses the resulting .saccoai/analysis/* files (Step 1b/1c) derived from public, user-provided websites to drive scope, pricing, and next actions, so untrusted third‑party content can materially influence agent behavior.