scout

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md clearly documents sync sources and examples that crawl and ingest arbitrary websites, sitemaps, page crawls, Notion/Google Drive content, and an AI "guided_crawl" that follows instructions (e.g., start_urls and "instructions") — meaning the agent will fetch and read untrusted third‑party web/user-generated content as part of its workflow (see the "Syncs" section and the "Guided Crawl Example" in SKILL.md).