swival

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill's core A2A client/server feature and --a2a-config (SKILL.md "A2A (server and client)") plus its use of external model providers via the litellm/generic provider (setup and model selection sections) show it will call and ingest responses from arbitrary remote endpoints/third-party model APIs whose outputs the agent reads and can drive actions, allowing indirect prompt-injection.