file-system-object

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to read and resolve UPPERCASE marker files (e.g., SKILL.md, CARD.yml, GLANCE.yml) from mounted workspace roots including third‑party/public repos (see "Phase 2 — mounted workspace roots" and the CARD.yml sections describing methods/advertisements/k_lines), so untrusted, user‑authored repository content is read and can directly influence dispatch, method invocation, and next actions.