agent-skill-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill templates explicitly include external integrations that fetch and consume user-generated content—e.g., resources/skill-templates.md Template 2 lists mcp_tools "github.prs" and "github.comments", and Template 4 allows WebFetch with SERVICE_URL—indicating the agent is expected to read third‑party API/web content (user-generated PRs/comments or arbitrary service responses) which could materially influence actions.